• SOFTWARE DEVELOPMENT 




The Industry Newspaper for Software Development Managers 

JBUILDER SUITE DUMPS ROSE, 
RUP, ADDS TOGETHER MODELER 



ISSUE NO. 073 



Borland Fires 'Sidewinder' 
C# Development 
Environment at VS.NET 3 

PerformaSure 2.0 Lets 
Developers Tag Along 3 

Gnome Foundation 
Shifts Strategy, Seeks 
Corporate Acceptance 5 

Novell Readies 

NetWare Update 6 



Small Worlds Adds 
Dependency Views 
To Analysis Tools 6 

At VSLive, Focus 

Is on 'Everett' IDE 8 

Kinzan Adapts to ebXML 

In Web Services Suite 10 

Sun Reversal 

On Solaris 9 For 

Intel x86 Complete 10 

SD West Adds Tracks 

On Security, Wireless 14 

IBM Unveils Handheld 
Reference Design 21 



AMD, Metrowerks Pair Up 
On OpenPDA Platform . . .21 

PointBase Embedded Java 
Database Matures 22 





A BZ MEDIA PUBLICATION $7.95 

www.sdtimes.com 




Borland now has 
all the pieces in 
place, according 



BY ALAN ZEICHICK 

Less than a month after 
officially closing on its 
US$185 million pur- 
chase of TogetherSoft 
Corp., Borland Software 
Corp. has started inte- 
grating the two compa- 
nies' product lines. The 
first fruits: a new version 
of the Together model- 
ing tool designed for to Paolini 
Borland's JBuilder IDE, 
and an updated Enterprise Stu- 
dio for Java suite that replaces 
Rational's Rose and the Rational 
Unified Process with the Togeth- 
er modeler. 

The new modeling 
tool, called Together 
Edition for JBuilder, is a 
$3,999-per-seat add-in 
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for JBuilder; Together- 
Soft had already offered 
a similar product for 
IBM's WebSphere Stu- 
dio. Both are essentially 
a Java-only subset of 
Together Soft's multilan- 
guage Together Control 
Center, including UML 
modeling with simulta- 
neous round-trip engi- 
neering, support for 
design patterns, and 
audits and metrics. 

According to Todd Olson, 
chief scientist at Borland's 
Together business unit and for- 
merly a vice president at 
TogetherSoft, develop- 
ers still will be using 
both the JBuilder IDE 
► continued on page 18 



Sanctum: Risk 
Assessment 
Must Be Early 

AppScan for Visual Studio .NET puts 
onus for security on developers 



BY DAVID RUBINSTEIN 

Cookie poisoning. Hidden field 
manipulation. Cross-site script- 
ing. User input validation. 

These are vulnerabilities that 
can make applications suscepti- 
ble to tampering and the white- 
collar crimes of identity theft 
and credit fraud, according to 
Steve Orrin, chief technology 
officer at software security com- 
pany Sanctum Inc. 

The company, which created 
the AppShield firewall and 
AppScan for risk assessment 
during the QA phase, this 
month will make available App- 
Scan Developer Edition 1.5 to 
bring vulnerability testing to 
the app development level. 

There are two main types of 
application vulnerabilities, Orrin 
said, citing common Web vul- 
nerabilities, which take advan- 
tage of holes in connections, and 
application-specific vulnerabili- 
ties, which subvert business log- 
ic and enable theft. 



The first version of AppScan 
Developer Edition has been 
integrated with Microsoft's 
Visual Studio .NET environ- 
ment as part of that company's 
Trustworthy Computing initia- 
tive. "Microsoft's been taking a 
lot of arrows [over security], but 
it's taking proactive steps to 
solve it," said Sanctum's Diane 
Fraiman, vice president of mar- 
keting. "Microsoft is no less 
secure than other IDEs. We're 
breaking through IBM, Apache, 
People Soft and Oracle all at the 
same rate." 

AppScan Developer Edition 
is a unit testing tool that sits as 
a new project type within 
VS. Net, Orrin said, that finds 
potential vulnerabilities by 
crawling through applications, 
creating custom tests based on 
the business logic and architec- 
ture by utilizing a patented pol- 
icy recognition engine, and runs 
the tests to validate whether or 
► continued on page 16 



IBM Builds Integration Around DB2 

New content add-ons take aim at BEA's Liquid Data 

According to Mattos, Infor- 



BY ALAN ZEICHICK 

In early February, IBM Corp. 
announced a new integration 
server for enterprise data, 
whether stored in relational 
databases, shared file systems 
or even content-management 
applications. But, according to 
the company, the new DB2 
Information Integrator, cur- 
rently in an early release, seeks 
to tap into a broader range of 
developers than competing 
integration solutions from BE A 
and Oracle, and does not 
require the use of IBM's DB2 
database or WebSphere appli- 
cation server. 



Nelson Mattos, the product's 
director within IBM's data man- 
agement group, described the 
new software, previously code- 
named "Xperanto," as a combi- 
nation of XML and federated 
data access. The goal, he said, is 
to allow developers to access 
data in place via normal database 
programming techniques — even 
if it's not in a database. 



mation Integrator goes beyond 
the limited federation capabili- 
ties of DB Universal Database. 
"The DB2 data integrator 
product focuses on integrating 
relational systems that IBM 
provides, such as DB2 and In- 
formix. What we are delivering 
now is a much broader capa- 
bility that allows you to inte- 




DB2 Information Integrator offers federated access to diverse data sources. 



grate information across all rela- 
tional database systems, includ- 
ing Oracle, [Microsoft] SQL 
Server, Sybase; unstructured 
sources, such as content-man- 
agement systems; and data in 
the file system — including any- 
thing that conforms to OLE DB 
or Web services." 

The range of data sources 
includes HTTP- and HTML- 
based online services, such as 
the Google portal, and e-mail 
servers, he said. 

Mattos described DB2 In- 
formation Integrator as a 
separate product from the 
better- known DB2 Universal 
Database, and would be along- 
side a relational database or 
content-management system. 

"You could deploy next to 
DB2 or Oracle or Documen- 
tum," he said, adding that the 
system does not maintain its 
own content repository. "It's an 
integration platform, and does 
not eliminate the need to store 
the information somewhere." 

He stressed the integration 

aspect, as opposed to data con- 

► continued on page 17 
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Borland Fires 'Sidewinder' at VS.NET 

Forthcoming C# IDE for Windows to support models, non-Microsoft databases 



BY ALAN ZEICHICK 

Bringing together its compiler 
and IDE expertise, newly 
acquired modeling software from 
TogetherSoft, and the .NET 
Framework SDK licensed from 
Microsoft Corp., Borland Soft- 
ware Corp. is preparing to 
release its own C# IDE for .NET. 

Planned for a midyear re- 
lease, the new Borland IDE, 
code-named "Sidewinder," uses 
the version of C# blessed by the 
European Computer Manufac- 
turers Association (EC MA), the 
vendor consortium that Micro- 
soft has entrusted as the lan- 
guage's officiating body. 

According to Simon Thorn- 
hill, Borland's vice president 
and general manager, "What 
we're doing is accelerating the 
.NET application development 
life cycle. There's a broad array 
of tools that customers are 
currently using, and they're 
not necessarily working well 
together. They lose time and 
efficiency as they move from 
one phase to another." 

Thus, Thornhill said, Side- 




Sidewinder will allow C#to work easily with non-Microsoft databases. 



winder will pull together ele- 
ments from the CaliberRM 
requirements-management tool, 
StarTeam collaborative devel- 
opment software, and Together- 
Soft modeling software. 

Sidewinder will be delivered 
as a single integrated develop- 
ment environment, unlike the 
multitool integration found with 
Borland's Enterprise Suite for 
Java, which also brings together 



coding and modeling, but via 
separate interfaces. 

But more important, Thorn- 
hill stressed, is that although 
customers may have chosen to 
use .NET for a project, that 
doesn't imply that they've cho- 
sen to go entirely with Micro- 
soft software. "They want to 
be able to integrate the solu- 
tions with Java and .NET," he 
said. "They're not pure Micro- 



soft companies. They haven't 
necessarily locked into SQL 
Server. There are a broad 
array of databases out there, 
and customers want the flexi- 
bility to use different ones." 

Sidewinder will provide 
better coverage to non- 
Microsoft databases, explained 
director of product manage- 
ment Michael Swindell, by 
using its own data provider 
within ADO.NET, the .NET 
Framework's multilayer inter- 
face to external databases. 
"We see Oracle, we see DB2, 
we see our own InterBase. 
We're focusing on providing 
direct support for all these 
enterprise databases through 
the Borland Data Provider, 
which treats them all equally." 

Another major goal of the 
Sidewinder project, said Thorn- 
hill, is design-driven develop- 
ment, going beyond Borand's 
previous efforts. "We see an 
opportunity to tightly integrate 
the design and the develop- 
ment, so that the model 
becomes your application." 



Swindell explained, "It's our 
goal to take modeling and appli- 
cation development and really 
fuse them together in a RAD 
way. The modeling environment 
is directly within the IDE." 

Thornhill insisted that the 
Sidewinder system is fully 
compliant with the .NET 
Framework, and does not 
cause interoperability prob- 
lems. Because Sidewinder will 
include the .NET Framework 
SDK, C# developers will not 
need to own Microsoft's Visual 
Studio .NET, he said. 

"This is .NET-standards 
based. We have a high degree 
of compatibility with what 
Microsoft is doing in the Win- 
dows .NET space, and that 
builds on our partnership with 
Microsoft. But it is an inde- 
pendent solution for .NET 
development." 

Thornhill also hinted that 
although the initial release of 
Sidewinder will be specifically 
for C#, other .NET languages 
may be supported in the 
future. I 



PerformaSure 2.0 Lets Developers Tag Along for Ride 

Quest's update uses low-overhead agents to test J2EE apps in production 



BY EDWARD J. CORREIA 

One measure of a successful 
tool for testing end-user appli- 
cations is its ability to remain 
unobtrusive. 

Claiming to have achieved 
that goal is Quest Software Inc., 
which this month is scheduled 
to begin shipping Performa- 
Sure 2.0, its perfor- 
mance analysis tool 
for J2EE applications. 
Quest inherited the tool 
along with its acquisi- 
tion of Sitraka last year. 

According to Ed 
Lycklama, co-founder 
and CTO of Quest PerformaSure 
(www.quest.com), what collects data at 
differentiates Perfor- the component 
maSure from competi- level, says 




multiple transactions as they 
flow across components and 
system tiers. "We're collecting 
data at a component level; from 
a servlet to a session bean, to 
an entity bean, to a JDBC 
request." The software then 
displays the time attributed to 
each of the components. 

Lycklama said that 
while such capabilities 
may well serve QA 
engineers in the lab, 
they do little for those 
charged with supporting 
deployed apps. "Once 
an application is in pro- 
duction, the application 
support people can't 
change it. Generally, 
they are not developers 
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The tag-and-follow feature allows PerformaSure users to track a trans- 
action through the application server. 



tors is a feature called Quest's Lycklama. and can see [only] that 



tag and follow. "Tag and 
follow lets you follow a transac- 
tion as it goes through the 
application server, see its 
impact on the database, and 
display that data in a graphical 
format." That permits develop- 
ers, he said, to track single or 



response time is slowing 
down. PerformaSure lets them 
see if delays are [due to] high 
volume or if the database was 
reaching a bottleneck." 

But the introduction of data 
collection, Lycklama admitted, 
also potentially brings signifi- 



cant performance drain, which 
he said Quest counters by 
automatically regulating the 
amount of data collected and 
with so-called low-overhead 
collection agents. "Performa- 
Sure regulates its own sam- 
pling levels to make sure it 
continues to impose a low 
amount of overhead on the 



application server. It will sam- 
ple less frequently if it needs 
to. The CPU is degraded by no 
more than about 5 percent 
while we're collecting data," 
he claimed. 

The new version also in- 
cludes improved filtering and 
reporting capabilities, and 
permits users to include or 



exclude certain transactions. It 
also adds support for Java 
Message Service instrumenta- 
tion, which Lycklama said 
requires the ability to handle 
and report JMS messages sent 
and received asynchronously. 

PerformaSure 2.0 also now 
runs on BE As Web Logic 5.1 
application server, which Lyck- 
lama said was necessary for the 
product to be useful in produc- 
tion systems. "People in devel- 
opment tend to be on the latest 
platforms, but applications in 
production may not always be." 
The tool had already supported 
WebLogic 6 and 7. 

Pricing for PerformaSure 2.0 
starts at US$25,000 per non- 
clustered Solaris or Windows 
server. In addition to WebLogic, 
it supports IBM's WebSphere 
as well as Apache, Microsoft 
IIS and Sun ONE HTTP 
servers. The company also 
claims to support all JDBC- 
compliant databases, including 
those from IBM, Oracle, Micro- 
soft and Sybase. I 
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Gnome Looks for Corporate Acceptance 

Open-source Ul foundation shifts strategy with time releases, usability guide 



BY DAVID RUBINSTEIN 

The release of the Gnome 2.2 
user interface last month is 
marked by two significant events 
that signal a change in the free 
software group s approach to the 
market, according to a member 
of the Gnome Foundation's 
board and release team. 

"Free software on desktops 
has always targeted a small 
niche," said Luis Villa, a 
Gnome board member and 
senior QA lead at Linux solu- 
tions provider Ximian Inc. 
"The old approach could only 
get a small portion of the mar- 
ket. We're looking larger." 

Gnome 2.2 marks the first 
timed release by the foundation, 
with Villa saying the goal now is 
to have a release every six 
months. The second key change 
is that this release includes 
Gnome Human Interface Guide- 
lines, a usability handbook fash- 
ioned after a similar publication 
by Apple Computer Inc. "We're 
trying to get away from the 
hacker mentality," Villa said. 
"We're now more mainstream in 
the sense that [Gnome] has a lot 
of corporate support." The chal- 
lenge, Villa said, is to keep 
Gnome as a powerful desktop 
while stripping away features to 
make it easy to use. 

Villa noted that Ximian and 
leading Linux operating-system 
vendor Red Hat Inc. will release 
products based on Gnome 2.2 
soon, while Sun Microsystems 
Inc. was expected last month to 
release its desktop for Solaris 
based on Gnome 2.0. Sun also is 
using Gnome on its Linux box- 
es, Villa added. 

As the Gnome Foundation 
(www.gnome.org) is not a top- 
down hierarchy but rather a 
volunteer-driven community 
effort, Villa said the seeds for 
this strategic change were 
planted some two years ago. 
"There are people who thought 
this was a good idea but then 
had to persuade." A sign of 
Gnome's maturity, Villa said, is 
that despite the fact the new 
release schedule and adherence 
to the usability guidelines will 
make development harder for 
contributors, there is "a lot of 
buy-in in the community." 

Villa added that Gnome will 
work with the people behind the 
KDE interface to establish desk- 
top standards that both efforts 
can adhere to, yet Villa added he 



believes Gnome's decisions "will 
make us more palatable to cor- 
porate IT staffs looking to get rid 
of a few of their Microsoft [Win- 
dows! licenses." 



Among the new features in 
the Gnome 2.2 release, which 
Villa described as incremental 
changes, are support for multi- 
media keyboards and, through 



an agreement forged with Bit- 
stream Inc. in December, bet- 
ter support for fonts. The 2.0 
release, which was completed 
in June 2002, improved start-up 



notification, added media capa- 
bilities to the file manager, and 
had a new architecture for cre- 
ating thumbnails of any media 
type, Villa explained. I 
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Network test equipment maker Ixia has integrated RadView Software 
Ltd.'s WebLoad Web application load-testing tools into Ixia's TXS 
transaction and traffic generator. The combined products, to be sold 
by Ixia, are designed to stress-test Web applications . . . Sun Micro- 
systems Inc. has merged its Sun Developer Connection program into 
its iForce partner program. iForce was previously focused on channel 
and integration partners, but now will handle ISVs as well. 



PRODUCTS 



BEA Systems Inc. has unveiled a new entry-level version of its J2EE 
app server. WebLogic Express, which provides JSP, a servlet engine, 
JDBC, JMX and Web services, costs US$694 per server with support 
through BEA's dev2dev Web site, or $1,145 with telephone support 
. . . Stellent Inc. has added XML conversion BTELLENT" 
capabilities to its Stellent Content Manage- — — * 
ment system. The conversion automatically applies the appropriate 
XSL transformation, and validates against DTDs specified in the XSL 
file . . . TeamShare Inc. has updated its TeamTrack project life-cycle 
management software to include LDAP capability, integration with 
Microsoft's Outlook e-mail client, multiuser and multigroup fields, 
and customizable browser templates. TeamTrack 5.7 also offers new 
levels of project security . . . Data Junction Corp. has released 
Information Architect, an integration server that works on struc- 
tured records, unstructured data and XML/EDI documents. The soft- 
ware includes a Java-based document schema designer that works 
with published schema standards, such as HIPAA and SWIFT 
. . . Microsoft Corp. will support Windows NT 4 through the end of 
2004; previously, the company said it would stop offering fixes and 
patches in mid-2003 . . . Seagull Software Inc.'s Transidiom 2.2 now 
supports Java Message Service. Transidiom is an integration pack- 
age that wraps business functions, implemented on IBM mainframes 
and AS/400 and iSeries minicomputers, into callable XML, Java and 
COM components . . . Etnus LLC has updated its TotalView debug- 
ger to run on IBM's P0WER4-based servers, Sun's 64-bit Solaris, and 
Beowulf clusters. Version 6.0 now also works with GNU gcc 3.2 and 
Intel's version 7.0 Fortran and C++ compilers for Linux . . . iRise Inc. 
has announced its Application Simulator, a 
tool that allows business analysts to build an 
interactive prototype of Web applications, to 
help architects determine if their model meets the customer 
reguirements prior to coding. The model builder costs US$9,995 per 
developer, and the simulation server costs $120,000 . . . QNX Soft- 
ware Systems Ltd. is now offering System Profiler, a graphical run- 
time code analysis tool for its Momentics microkernel development 
suite. The profiler is designed to work in both development and pro- 
duction environments running QNX's Neutrino real-time operating 
system . . . DataDirect Technologies Inc. has updated its DataDirect 
Connect for JDBC components to support IBM's Java Transaction 
API for DB2. Version 3.2 of the component set also supports BLOB 
and CLOB data types on SQL Server and Sybase databases 
. . . Interactive Objects Software GmbH is offering a beta of Arc- 
Styler 3.1, its Model Driven Architecture design tool. The new release 
works with J2EE and .NET, and supports C#and EJB 2.0 application 
servers, and has new features for automated code generation . . . 
ObjectVenture Inc. has updated its ObjectAssembler Enterprise pat- 
tern-based development tool for J2EE. Version 2.5 contains enhance- 
ments to the product's Pattern Workspace IDE, and includes 15 new 
design patterns . . . Computas North America Inc., a subsidiary of 
Norwegian firm Computas AS, has updated its Metis Enterprise XML- 
based modeling tool to add Web enablement in its model browser and 
improve data security within the model. Version 3.3 also includes a 
new browser-based model annotator that lets developers incorporate 
comments into the model . . . Seapine Software Inc.'s Test Track Pro 
5.1 defect-tracking system includes bulk field changes, offers new 
security options and supports Windows XP Themes. Also, version 1.2 
of the company's Surround SCM adds new repository-level security 
restrictions, and compressed data transfers and encryptions across 
external data connections. 




Novell Preps NetWare Update 



BY ALAN ZEICHICK 

In the three-way battle among 
Windows, Linux and Unix, it's 
easy to overlook NetWare, but 
like the Energizer Bunny, it 
keeps going and going. In this 
case, the forthcoming NetWare 
6.5, currently in a closed beta, 
continues on its march toward 
serving as an application plat- 
form, with the integration of the 
exteNd J2EE app server that 
Novell Inc. purchased along 
with Silver Stream in July 2002. 

The new version, according 
to Rob Seely, NetWare product 
line manager at Novell, includes 
the Apache 2.0 Web server, the 
Tomcat servlet engine, a J2SE 
1.4.1 JVM and the MySQL 
open-source database, in addi- 
tion to exteNd. It also adds Perl 
and PHP execution built into 
the operating system. 

Seely touted NetWare 6.5's 
Virtual Office feature, which 
allows end users to have brows- 
er-based access to features that 
typically would have required a 
systems administrator. Users can 
create accounts, change pass- 
words, find and install printers, 
and set up workgroup file 
shares, all through the graphical 
interface. "It's like setting up an 
account on Amazon.com; you 
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Version 6.5 of NetWare will highlight open-source software such as Apache 
2.0, Tomcat and MySQL. 



don't need to call an IT person 
to do it for you," said Seely, 
claiming that by allowing more 
self-service network control by 
users, enterprises would be able 
to save on IT costs. 

While Seely said that many 
of the open-source tools were 
present in NetWare 6.0, the 
company had not been dis- 
cussing those features, and was 
using them more internally 
within the operating system. 
Now, he said, Novell is opening 
those features up to what he 
referred to as "IT developers," 



for use in building add-ons to 
NetWare using an included 
browser-based interface. The 
software also can be used to 
build portals, he said, using a 
portal gadget tool set. 

NetWare 6.5 is scheduled to 
go into a public beta in the sec- 
ond quarter, said Seely, with 
general availability midyear. 
The company is not ready to 
disclose pricing, but it will fol- 
low the same model as NetWare 
6.0, which was licensed on a 
pure per-user basis, without 
separate charges for servers. I 



It's a Small Worlds, After All 

Source analysis tool unveils method-level dependencies 



BY ALAN ZEICHICK 

Small Worlds, the source-code 
visualization and analysis tool 
from Information Laboratory 
Inc., adds new capabilities to 
allow developers to view depen- 
dencies on multiple levels. 

CEO Alex Iskold said Small 
Worlds (www.thesmallworlds 



.com) goes beyond text-only 
views of code dependencies, and 
provides architects with a more 
interactive view of the model. 
The graphical views in the latest 
release, version 2.5, he explained, 
let developers drill down from 
high-level packages to individual 
methods, and detect and high- 
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Small Worlds 2.5 shows the relationships and dependencies among differ- 
ent Java packages and objects. 



light the violation of object-ori- 
ented principles, as well as cyclic 
dependencies and other poor 
programming practices. 

Targeted at developers using 
agile processes, Small Worlds 
is designed for use on large sys- 
tems with more than 500 
classes, Iskold claimed, where 
the reverse-engineering fea- 
tures of UML modeling tools 
can be overwhelmed, and un- 
able to provide both the big- 
picture view and the details. 

The first release of the 
US$l,750-per-seat Small Worlds 
Analyzer 2.5, expected in late 
February, will provide analysis of 
J2SE code, which has been the 
program's traditional base. But, 
according to Iskold, version 2.5 
incorporates a new language- 
independent foundation, which 
uses XML as its internal format, 
and this will enable future sup- 
port for C/C++, C#, J2EE and 
Visual Basic. The analyzer runs 
on Linux, Unix and Windows. I 
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At VSLive, the Focus Is on 'Everett' 

Third parties detail new features, functions to enhance VS.NET 2003 



BY ALAN ZEICHICK 

SAN FRANCISCO — The next 
release of Visual Studio .NET, 
the proliferation of .NET cus- 
tomers, and new members of 
Microsoft Corp.'s Visual Studio 
Integration Program all were 
spotlighted during 
VSLive, the indepen- 
dent Visual Basic- 
focused conference 
from Fawcett Technical Publi- 
cations Inc. While the February 
2003 event didn't have the same 
scale as the previous year's 
event, which saw Bill Gates for- 
mally delivering the .NET plat- 
form and VS.NET tool set, 
Microsoft's customers still 
found a solid mix of technical 
content and product initiatives. 
Microsoft was featured dur- 
ing the keynote address, deliv- 
ered by Eric Rudder, the com- 
pany's senior vice president of 
developer and platform evan- 
gelism. Rudder began by dis- 
cussing and demonstrating 
Visual Studio .NET 2003— for- 
merly known by its code name, 
"Everett" — and version 1.1 of 
the .NET Framework, both 
due for delivery on April 24, as 
well as the developer tools 
designed to ship with Micro- 



SDlkes 



soft's Office 11, expected in 
mid-to-late 2003. 

While many of the features 
of the updated VS.NET and 
Office tool sets have been 
long known to Microsoft devel- 
opers, many of whom are using 
beta versions, few- 
er attendees were 
familiar with the 
features of the next 
version of a revamped edition 
of Visual Basic, due for delivery 
after Everett, called "Whid- 
bey," planned to accompany the 
successor to SQL Server 2000, 
currently code-named "Yukon." 
Demonstrated by Ari Bix- 
horn, technical product man- 
ager for VB.NET, the Whid- 
bey release adds features such 
as edit-and-continue, XML- 
based inline comments, and 
improved support for printing 
and audio to Visual Basic 
.NET. Tying VB.NET closer to 
SQL Server, according to Bix- 
horn, will be the developers' 
ability to drag and drop data- 
base schemas into the code 
editor, which automatically 
creates the database connec- 
tion, as well as a basic data 
grid. VB.NET, he showed, also 
will discover and maintain the 



relationship between different 
database tables. 

Bixhorn and Rudder did not 
provide a time frame for the re- 
lease of Office 11, the Yukon 
database or the subsequent 
Whidbey version of VB.NET. 
However, other vendors at VS- 
Live either released products at 
the conference, or were more 
definite with their product 
announcements . 

PreEmptive Solutions 
Inc., whose entry-level code 
obfuscation software will be bun- 
dled with VS.NET 2003, 
released Dotfuscator Profession- 
al Edition 1.2, which can com- 
pact and protect managed C++ 
code, as well as applications that 
use the .NET Compact Frame- 
work. The new version also 
inserts invalid metadata in- 
to compiled applications that 
won't affect runtime, but which 
the company (www.preemptive 
.com) claims will block ildasm, 
Microsoft's .NET disassembler. 

Networks mart Developer is 
a new predictive performance 
tool from LeadByte Corp., 
scheduled to ship in April. The 
US$249 tool, which plugs into 
VS.NET 2003, reports on appli- 
cation performance prior to 
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Agilent Technologies' measurement tool plugs in to Visual Studio .NET. 



compilation, according to the 
company (www.leadbyte.com). 

Active State Corp. (www 
.activestate.com) released Perl- 
ASPX 1.0, a Perl language run- 
time forASP.NET. The US$395 
per-server runtime can be pro- 
grammed with Perl tools inside 
VS.NET 2003. 

Iron Speed Inc. (www 
.ironspeed.com) updated its 
Iron Speed Developer, which 
assists developers in building 



COMPONENT OFFERINGS MULTIPLY 




A number of component developers also unveiled updated wares 
at VSLive: 

Bennet-Tec Information Systems Inc. released TList .NET Win- 
forms Edition, a tool that allows data to be displayed as a list, tree, grid 
or combination tree/grid structure using Windows Forms. The compa- 
ny (www.bennet-tec.com) also released MetaDraw Winforms Edition, 
which lets developers display and dynamically manipulate object-ori- 
ented images. The new releases support the .NET Framework. 

ComponentOne LLC (www.componentone.com) shipped 
ComponentOne Reports for .NET Designer Edition, a superset of 
its previously available database reporting component for .NET. 
The designer edition includes a new report designer control, 
called CIReport Designer, which is delivered with full source code. 
The US$1,995 software includes a Crystal Reports migration util- 
ity and royalty-free runtime distribution. 

Dart Communications Inc. announced two versions of its 
Secure Shell components, one for ActiveX, the other for .NET. 
The PowerTCP SSH components, which support both the SSH1 
and SSH2 protocols, will ship in March. The company 
(www.dart.com) also released PowerTCP Mail for .NET 2.0, which 
allows .NET applications to communicate via POP, SMTP, MIME 
and, new to this release, IMAP. 

Data Dynamics Ltd. (www.datadynamics.com) released 
ActiveReports for .NET. The database reporting components 
offer similar functionality to the company's previous Active- 
Reports 2.0, but integrate with VS.NET 2003 and allow report- 
customization code to be written in VB.NET or Visual C#. The 
US$499 software includes an ASP.NET server control to let 
developers set up Web client report viewers. 



FarPoint Technologies Inc. demonstrated Spread for Windows 
Forms, which presents interactive tabular data within VS.NET 2003 
applications. The US$499 component offers similar functionality to 
the company's COM-based spreadsheet component, according to 
FarPoint (www.fpoint.com), including Excel import/export, in-cell 
editing and validation, and style customization. FarPoint did not pro- 
vide a release date for the component. 

Infragistics Inc. (www.infragistics.com) unveiled NetAdvan- 
tage 2003, its updated component suite for VS.NET 2003. Due to 
ship March 1, the suite includes a new ASP.NET grid with col- 
umn/row templates, multicolumn drop-down controls, client-side 
data sorting and XML layout load and save. The suite costs 
US$495, or $695 for an annual subscription that includes source 
code, free updates and priority response. 

N Software Inc. shipped IP Works CC .NET, a US$995 set of 
real-time credit-card-processing components for VS.NET that 
are functionally similar to its ActiveX, ASP, C++, Delphi and 
C++ Builder credit-card components. The company (www. 
nsoftware.com) also is running a public beta of IP Works EDI for 
.NET, a set of components for sending and receiving secure EDI 
transmissions over the Internet that are compliant with the EDI- 
INT and AS2 protocols. 

Northwoods Software Inc. (www.nwoods.com) has updated and 
rebranded its Go .NET interactive controls. Now called GoDiagram 
for .NET Windows Forms, the components allow end users to view 
and manipulate graphics such as flowcharts and state diagrams. 
The new release is now source-code compatible with the com- 
pany's GoDiagram Web Forms component. 

-Alan Zeichick 
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Web pages based on database 
tables, reports and fields. Ver- 
sion 1.3, shipping now, adds its 
own Iron Speed Markup Lan- 
guage, which consists of a series 
of XML tags that can be insert- 
ed into HTML text, and which 
can be used to trigger wizards 
in the Iron Speed design tool. 
This release also generates 
.NET Framework 1.1 code. 

Entirenet-Hunter Stone 
LLC released version 2.0 of its 
Web Config Editor tool. The 
tool, which helps developers 
manipulate ASP.NET configu- 
ration files, encrypts pass- 
words, improves data valida- 
tion and can now test SQL 
database connection strings, 
according to the compan 
(www.hunterstone.com). 

FMS Inc. (www.fmsinc.com) 
announced that it would ship 
its Total .NET Developer Suite 
simultaneously with the release 
of VS.NET 2003. The suite, 
priced at US$999 per develop- 
er, comprises Total .NET Ana- 
lyzer, which scans Visual C# 
and Visual Basic code for 
potential programming errors; 
Total .NET SourceBook, a roy- 
alty-free source-code library; 
and Total .NET XRef, which 
allows developers to generate a 
cross-reference to classes, vari- 
ables, properties and methods 
in VS.NET applications. 

Constructor, a new tool from 
Dot Net Builders Ltd., gener- 
ates code directly from a data- 
base schema or UML model. 
Scheduled to ship in April, Con- 
structor imports object models, 
► continued on page 12 



jumijg 



DEPLOYED IT YESTERDAY 
(NOT DAD) 



J software 



OPEN TOOLS 
PLAY 



1] WIN WITH OPEN TOOLS: TTie ClOdcenL^H eoj^s T iaft 
■*ty ynu nBad Hrtlwart that lets /ou cairtiine yuur twite 
dMbpflMnitoois into an irtagratetf suite 

i] WIN WITH WEBSPHERE IBM WebSphere 5lJdiDajlcniBlE& 

lasta sn you csi use yaur c-relErned toDfeefi in a single integrated 
aoplicBfiDP Mrvsr-nflulTBl Bnvirarm&m.WebScher^ ftrtol dut 
SOllwarepLXlhJlki IfCluLlilli) DH2TL0llfiT3na TlMiiliT 



31 MAKETHE 'PLAV: Vlsri ifcm.cgm.'WEb^her^'opErtMlsto 
download WetfiphEra Studa kidg Icdw 



(e>itf™ess /s tfm jjanre fflay ft? kvto ' 



DM, PPE. 1 1 tip Ttyit.WMirjJiMFi n»a-l 

ii^vq Ami rafr rrt»t uun-m C?1H IBM Qj^mtCTi W |O Lj i, f i Dj Mih ffi 



PPWIBiMWfiWIHWPWIP"^ 



Mnr« l^ipn^M- ihtlftf 



10 



NEWS 



Software Development Times . March 1 r 2003 



www.sdtimes.com 



Kinzan Adapts to ebXML in Web Services Suite 



BY DAVID RUBINSTEIN 

To handle transactions that 
require security, Kinzan Inc. 
has released version 2.5 of its 
Adaptive Web Services Suite to 
include support for the OASIS 
group's ebXML standard. Kin- 



zan also added support for the 
Apache Software Foundations 
Tomcat servlet engine to give 
customers a broader choice of 
Web services deployment plat- 
forms, the company says. 

Founded in 1998 and having 



such notables as board chair- 
man Bob Frankenburg, former 
president of Novell Inc., and 
CTO Garland Wong, the princi- 
pal architect of the Cybercash 
Internet payment system, the 
company has focused on ser- 



vices-based technologies and 
architectures within the Java 
environment. Web services, 
according to director of product 
marketing James O'Leonard, 
are a specific implementation 
of the services technology. 
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"We separate business data 
from the presentation, so we 
can take Java artifacts and 
break them down even further 
for reuse and to gain more flex- 
ibility within applications," he 
added. 

While the previous releases 
of AWSS supported typical 
request/respond messaging for 
Web services, it could not be 
used to create applications that 
required security, reliability and 
an understanding of workflow. 
With the new support for 
ebXML, AWSS can be used for 
a different class of application, 
O'Leonard said. 

Noting that BEA Systems Inc. 
and IBM Corp. already offer 
Web services solutions in the Java 
space, O'Leonard claimed Kin- 
zan (www.kinzan.com) resonates 
with customers who still want 
to take a more best-of-breed 
approach. I 

Sun Reversal 
On Solaris 9 For 
Intel Complete 

BY ALAN ZEICHICK 

The about-face is complete: 
After initially dropping support 
for Intel's processors from its 
operating-system plans, Sun 
Microsystems Inc. finally has 
shipped a version of Solaris 9 
for the x86 architecture. 

Noncommercial usage will 
be priced at no charge; com- 
mercial pricing starts at US$99 
per processor, according to 
Sun. The operating system 
includes Sun's directory server, 
firewall and disk-volume man- 
ager. The Sun ONE application 
server is not yet available for 
Solaris 9 x86. 

When announcing the Solaris 
9 beta in October 2001, Sun dis- 
cussed both Intel and SPARC 
processors, but in February 
2002, Sun implied that the Intel 
processor would not be support- 
ed. The company later reversed 
its position, arguing that Solaris 
x86 was delayed, not canceled. 
Solaris 9 for 64-bit SPARC 
processors was generally avail- 
able in May 2002. 

Sun will be making Solaris 
x86 available as an option on 
its Pentium Ill-based LX50 
servers, which were previously 
available with Solaris 8 or Sun 
Linux 5, a repackaged version 
of Red Hat Linux. I 
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4 continued from page 8 

built with other modeling tools, 
from any OLE DB data source, 
according to the company (www 
.dotnetbuilders.com), and pro- 
duces VB.NET or Visual C# 
code for the models business 
logic and user interface. 



SourceGear Corp. (www 

.sourcegear.com) released Vault 
1.0, a source-code control sys- 
tem for VS.NET 2003 sched- 
uled to launch in April. Vault, 
which runs under IIS, stores its 
data in SQL Server 2003, and 
communicates to clients via 
HTTP, SSL and Web services. 
The software costs US$999 for 



the server and five users; addi- 
tional users are $499 each. 
Visible Systems Corp. 

(www.visible.com) updated its 
Visible Developer tool for 
compatibility with VS.NET 
2003. The US$1,995 Visible 
Developer 3.1, due to ship 
along with Microsoft's IDE, 
generates Web services com- 



ponents based on business log- 
ic and database access code, 
directly from VB.NET and 
Visual C# applications using 
code patterns. 

Desaware Inc. released NT 
Service Toolkit for VS.NET 
2003, which allows managed- 
code applications to be compiled 
into NT services. According to 
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the company (www. desaware 
.com), the US$499 toolkit is 
compatible with Desawares NT 
Service Toolkit for COM. The 
company, according to president 
Dan Appelman, is preparing to 
launch CASTester, a code securi- 
ty auditing tool for .NET, in 
March. The product allows test 
scripts to be written in VB.NET 
or Visual C#, and provides 
results graphically and in XML. 
Prerelease pricing is $149 per 
developer. 

Flywheel is a source-code 
visualization tool from Veloci- 
tis Inc. Scheduled to be 
released in mid-2003, the 
product creates UML-style 
visualizations from VB.NET 
and Visual C# applications, 
according to the company 
(www.velocitis.com). Pricing 
begins at US$795. 

SoftArtisans Inc. released 
FileUp Enterprise Edition, a 
file transfer utility for 
ASP.NET that uses SOAP to 
transfer files. Unlike FTP, 
according to the company 
(www.softartisans.com), File- 
UpEE works through firewalls 
because it uses HTTP port 80. 

Uruguay and Chicago-based 
ARTtech released DeKlarit 
2.0, its VS.NET add-in for 
development using agile 
processes. The tool, which runs 
under VS.NET or VS.NET 
2003, allows developers to dia- 
gram applications using ob- 
ject-oriented business models, 
and then generates VB.NET 
and Visual C# code, as well as 
links to SQL Server 2000 or 
Oracle databases. The US$899 
update includes a new set 
of ASP.NET components, im- 
proves wrapper generators, 
and automatically generates 
the required ADO.NET ob- 
jects, according to the compa- 
ny (www.deklarit.com). 

ArtinSoft Zona Franca S.A. 
(www.artinsoft.com) shipped 
WinFormsToWeb Conversion 
Assistant, whose name pretty 
much says it all. Beyond that, the 
tool runs within VS.NET and 
moves Visual Basic 6.0 applica- 
tions to VB.NET The tool is 
priced at US$245. 

Agilent Technologies Inc., 
the big telecommunications 
equipment manufacturer, re- 
leased T&M Programmers 
Toolkit 1.1, a US$695 plug-in 
for VS.NET 2003 for creating 
test and measurement applica- 
tions. The new release (www 
.agilent.com/find/toolkit) sup- 
ports managed C++ code and 
allows USB-based communica- 
tions with test instruments. I 
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SD West Adds Security, Wireless Tracks 



BY EDWARD J. CORREIA 

Attendees of CMP Media 
LLC's Software Development 
Conference and Expo this year 
will again get three shows for 
the price of one; it will once 
more co-locate with the SD 
Management and Web Services 
World conferences. In addition 
to its usual complement of full- 
and part-day sessions that 



include C/C++, Java, .NET and 
XML classes, this year's show 
will offer security and wireless 
development tracks. 

Among the wireless sessions 
will be "Rapid Fire Wireless 
101," a beginner-level course 
hosted by Bill Day, staff engi- 
neer and chief technology evan- 
gelist at Sun Microsystems Inc. 
The 90-minute course will 



touch on the approximately two 
dozen wireless technologies 
currently in use from Bluetooth 
and HomeRF to Mobile IP and 
XHTML. Wireless sessions also 
will include "Designing and 
Developing End-to-End Appli- 
cations using J2ME," an ad- 
vanced course that will present 
Java components for each 
phase of communication and 



CONFERENCE GIVES DEVELOPERS WEB SERVICES EDGE 



BY DAVID RUBINSTEIN 

Once again, the Web Services 
Edge East Conference and 
Expo will house four confer- 
ences in one, with tracks for 
Java, XML and .NET being 
bundled in for attendees, who 
last year numbered around 
8,000, according to show orga- 
nizer SYS-CON Media Inc. 

The Java track at the event, 
which runs from March 18-20 at 
the Hynes Convention Center in 
Boston, includes sessions looking 
at the Standard Widget Toolkit 
for the creation of user inter- 
faces, and using tools such as the 
JUnit open-source offering to 
encourage Java developers to do 



more code testing, plus an exam- 
ination of the relatively new Java 
Data Objects specification for 
accessing data. 

Among the courses in the 
.NET track are a session for 
developing an end-to-end 
.NET-connected application, 
and an "Introduction to Dot- 
GNU, which will look at open- 
source projects based on 
ECMA standards of the Com- 
mon Language Infrastructure 
developed by Microsoft Corp. 

The XML sessions include 
an explanation of using XML 
for enterprise application inte- 
gration, and a look at security 
integration challenges. I 



web 
services 

conierenc& I 

CONFERENCE: March 18-20 
Hynes Convention Center, Boston 

CONFERENCE HOURS: 
Tuesday-Thursday, 9 a.m.-4:50 p.m. 

EXHIBIT HOURS: 
Wednesday, 11 a.m.-6 p.m. 
Thursday, 11 a.m.-4 p.m. 

KEYNOTE SPEAKERS: 

Tuesday, 10 a.m., John Magee, VP, 

Oracle 9i, Oracle Corp. 

2 p.m., Miguel de Icaza, co-founder and 

CTO, Gnome Foundation 

Wednesday, 10 a.m., Mark Herring, 
senior director for Java Web services, 
Sun Microsystems Inc. 

www.sys-con.com 
/webservicesedge2003east 



demonstrate a working system. 
The 90-minute course will be 
hosted by Charleton Barletto, a 
senior engineer at Borland 
Software Corp. 

The security track will in- 
clude basic courses in cryptogra- 
phy and instance-based security 
in Java, as well as "J2EE Securi- 
ty for Servlets, EJBs and Web 
Services," an advanced course 
that will describe how to incor- 
porate identification, authenti- 
cation and authorization in 
J2EE applications for data 
integrity, confidentiality and 
nonrepudiation. This 90-minute 
session will be hosted by Pankaj 
Kumar, Web services architect 
at Hewlett-Packard Co. 

The show's opening keynote, 
titled "Building Secure Software: 
How to Avoid the Security 
Swamp and Build Stuff That 
Works," will cover quick and 
painless techniques for incorpo- 
rating security into applications 
without blowing your budget 
and deadline. It will be delivered 
by Gary McGraw, CTO of quali- 
ty-management software devel- 
oper Cigital Inc. The featured 
keynote, "Making the Code 
Look Like the Design," will be 
delivered by Charles Simonyi, 
president and CEO of Intention- 




C0NFERENCE: March 24-28 
Santa Clara Conference Center 
Santa Clara, Calif. 

CONFERENCE HOURS: 
Monday, Tuesday, 8:30 a.m.-8:30 p.m. 
Wednesday, 8 a.m.-6 p.m. 
Thursday, 8:30 a.m.-9 p.m. 
Friday, 8 a.m.-3:00 p.m. 

EXHIBIT HOURS: 
Tuesday, 5:30 p.m.-6:30 p.m. 
Wednesday, Noon-5 p.m. 
Thursday, Noon-3 p.m. 

KEYNOTES: 

Monday, 12:15 p.m.-1:15 p.m.: "Building 
Secure Software: How to Avoid the Secu- 
rity Swamp and Build Stuff That Works," 
Gary McGraw, CTO, Cigital Inc. 

Wednesday, 5 p.m.-6 p.m., "Making the 
Code Look Like the Design," Charles 
Simonyi, president and CEO, and Gregor 
Kiczales, VP of development, Intentional 
Software Corp. 

Thursday, 12:15 p.m.-1:15 p.m., "Individu- 
alism vs. the Company Line," Bruce 
Perens, open-source evangelist 

www.sdexpo.com 

al Software Corp., and Gregor 
Kiczales, IntentionaPs vice pres- 
ident of development. They will 
discuss the evolution from the 
looping constructs of structured 
programming to object-orient- 
ed and model-based develop- 
ment and beyond. I 
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from email to 

secure credit cord 

transactions, 

only one 

component suite 

does it all! 
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BACK? GIVE ME 

A BREW. I BUILT 

THIS COMPANY! 



I'm sure I don't need to tell you thpt Qpenlnsight 
it th» only application yw'll ever need for 

building and deploying rich, powerful and 
scalable database apptBtalJons that ™ I iu-, ju*i 
abOLrt anywhef# you want - on LANt, WANs, or 
the web. 

Out of tha bent Operfciraifltrt mmes with 3 
database with features unrivaled in the industry. 
In its relive for niit it ft fulEy compacibte wilii 
Advanced Revelation ar>d most variable length 
multi-dimensonai data management piodLKts. 

Qpenlnsight is the worth-ore* of database 
applications. And like ma, it has matured nicely 
over the yew. 

Wart to publish your data to the web? Not a 
problem. Openlnskjht can publish both static 
and dyrumic HTML N»d XML support? Vbu\* 
got it, Data cam be created, ejiported cr 

maintained directly ift 
XML or requests can 
come in via the web and 
Opwtnsight will generate 
XML dab on-the-fly. 






OpenlnskjliE J s client/server tools feature a 
que*y window, a SOL script-buiNSng assistant 
database connection builder and a DataSet 
Object definitiom tool to let you access dala from 
sources other than your own Revdatiort data. 
OpenJnsight also gives you data warehousing at 
lis fioftst. Tafln your p4dk - ODGC SQL Serve r. 
Notes cr Oracle. 

And T*i*i Opening! 1 * pnbjtiYe IDE, 
deveiopirKji your appfcations couldn't be easier. 
The IDE mdudfii a farm designer, system editor 
vd debuggw, a popup dirignarfar«ating 
data lists, and Revelation Reporter for creating 
presentation-quality r^ns; won't your CTO be 
impressed 

Folks, I ha*e a lot mote I want to tell you 
about Openlnsght, bat my coffee ft parting 
cold. For more information about Openlnsw^it, 
9 about Openln&ghi training classes at 
Ri9v^M&n Headquartfr^ or one of our 
Authorized Training Centers [ATC*)r go to 
vww 1 r«vflatlon.<OFiri/idt/tdtho<nt or call 
HX}-262-4?l? t 
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You don't have to be big to get big features. TRACKGEAR 
offers a complete set of powerful, flexible and easy-to-use 
features at the same low price to aN businesses. 
Erjoy custom workflow lor eveiy conceivable process wilh auto-ranting., 
unlimited iwrs hvHh toncunpnt-u^r Hcen^in^. FRf E beta letter o* pjpfl 
access, ^row prqject munagemfi^L customizable quEiy tn-3^ and meftfeSi 
uter-delmed e-mail nolilication ru'es, scheduled status report di'Ltr^bution, 
audit UfiiJs. MdCiC&ofl V5S integration, frttf mart 

TRACKGEAR 

BUG TRACKING FOft VALUE CONSCIOUS BUSINESSES 



-::•! : FREE TRIAL. ,in -n nil rr df-rnn. or mo-rp information, 
go to wwwJggigear.cpm/trackgMr/ 



SANCTUM 

< continued from page 1 

not the application is vulnerable. 

AppScan Developer Edition tests for 
10 potential security breaches, among 
them cross-site scripting, which Orrin 
explained is the most prevalent attack on 
the Internet, and the easiest to fix once 
you know you have the problem. By 
inserting Java code into an input field of 
a Web page form, a hacker or thief can 
take over someone's seemingly secure 
session by accessing that person s cookie, 
Orrin said. 

The advantage to testing for vulnera- 
bilities during development, Fraiman 
said, is that it is less expensive to plug 
potential security gaps at that time than 
it is later on in the application life cycle, 
making the tool attractive to corpora- 
tions looking to drive down costs and 
mitigate risks, she added. 

Orrin said AppScan Developer Edi- 
tion not only can identify potential secu- 
rity problems in code, it also can recom- 
mend fixes and remediation of the 
problems to developers, who are usually 
not familiar with these types of security 
breaches. 

"It allows them to get a higher-quali- 
ty application to QA faster," Orrin said, 
acknowledging that getting developers 



to change the way they do things will be 
a large obstacle to overcome. "[Security] 
hasn't really been a developer issue 
before. This fits with the process of 
build, test, fix, recompile." 

AppScan Developer Edition can be 
used to scan a specific business logic 
path, and all scans can be traced to allow 
development managers to track trends 
using Microsoft's Visual Source Safe 
within VS.NET, and these managers 
then can parcel out the problems to get 
them fixed, Orrin explained. Reports 
can be generated in PDF for managers, 
and developers can export them for use 
in a defect-tracking system. 

Sanctum (www.sanctuminc.com), 
which was founded in Israel by former 
members of the national security office, 
originally approached Microsoft about a 
joint effort around AppShield, but 
Microsoft wanted to incorporate App- 
Scan into its development environment, 
Fraiman said. AppScan Developer Edi- 
tion sells for US$955 per single-user 
license. 

"The opportunity for companies to 
save money and get ahead of the prob- 
lem sooner is to drive [security testing] 
through the life cycle," she said. 
Microsoft realized there is a need for 
developers "to take on the responsibility 
of higher-security apps." I 




TOP TEN APPLICATION-LEVEL HACKS 

Cookie Poisoning H?W Identity theft. Manipulating the information stored in a 
browser cookie so that you are recognized as another user and have access to that 
user's information. 

Hidden Field Manipulation n?W eShoplifting. Changing fields in a page's source code 
to manipulate the price of an item. 

Parameter Tampering CT^ Fraud. Changing information in a site's URL parameter to 
allow, for example, a credit card with a $500,000 limit. 

Buffer Overflow HTW Closure of Business. Exploiting a flaw in a form to overload a 
server with enough information to make it crash. This often causes the server to crash, 
shutting down the Web site. 

Cross-Site Scripting H?W Hijacking/Breach of Trust. Malicious code is injected into a 
site. Because the malicious scripts are executed in a context that appears to have orig- 
inated from the targeted site, the attacker has full access to the document retrieved 
(depending on the technology chosen by the attacker), and may send data contained 
in the page back to the attacker's site. For example, a malicious script can read fields 
in a form provided by the real server, then send this data to the attacker. 

Backdoor and Debug Options n?W Trespassing. Often, programmers will leave in 
debug options in order to test the site before it goes live. Sometimes, in haste, they will 
forget to close the holes, giving hackers free access to sensitive information. 

Forceful Browsing ETW Breaking and Entering. Subverting the application flow to 
access information and parts of the application that should normally be inaccessible, 
such as log files, administration facilities and application source code. 

Stealth Commanding H?W Kidnapping. Inserting a Trojan horse into the scripting of a 
site that allows control from a remote location. 

Third-Party Misconfiguration Ef?W Debilitating a Site. Since vulnerabilities are 
posted and patches are made available on public Web sites (such as www 
.securityfocus.com), hackers are alerted to new vulnerabilities as they arise. For 
example, through a configuration error a hacker could create a new database that 
renders the existing one unusable by the site. 

Known Vulnerabilities CT1W Taking Control of the Site. Some technologies used in 
sites have inherent weaknesses that a persistent hacker can exploit. For example, 
Microsoft's Active Server Pages (ASP) technology can be exploited to gain the admin- 
istrators' passwords and take control of the entire site. 

Source: Sanctum Inc. 
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DB2 INTEGRATOR 

< continued from page 1 

solidation. "It is a middleware 
product that leverages existing 
databases. A lot of our competi- 
tion talk about addressing cus- 
tomer integration needs by 
moving all their data into a sin- 
gle database," he said, oblique- 
ly referencing Oracle. 

The DB2 Information Inte- 
grator, said Mattos, doesn't 
introduce new programming 
models or APIs; data sources 
are accessed via SQL queries 
sent via JDBC or ODBC calls, 
and then relayed to different 
back-end systems. 

"It looks to the developer 
like all the data is in a single 
SQL database — whether it is 
or it isn't," he said, adding 
that configuration of the inte- 
grator, and linking it to differ- 
ent data sources, would typi- 
cally be done by a database 
administrator. 

DB2 Information Integra- 
tor isn't based on a proprietary 
architecture, insisted Mattos, 
who said that back-end data 
sources are tied together using 
either specific wrappers or 
direct communication via the 
SQL/MED standard, an ISO- 



approved extension of the 
SQL 99 language that specifies 
wrappers for allowing access 
to diverse data sources. 

IBM was the prime driver 
behind that standard, which 
was proposed in 1999; for an 
overview, see www.acm.org 
/sigmod/record/issues/0209/jim 
melton.pdf. 

According to Mattos, IBM 
also has released a functionally 
equivalent version of the 
software, called the DB2 In- 
formation Integrator for Con- 
tent, designed for content- 
management applications. 

"It uses object-oriented 
interfaces, ActiveX compo- 
nents and things like that, to 
make the development of 
applications in that environ- 
ment easier," he said 

Mattos claimed that the 
biggest difference between 
DB2 Information Integrator 
and BE As Liquid Data, which 
also claims to federate external 
data sources, is the use of SQL 
as its query mechanism. 

"We are allowing customers 
to leverage their existing 
skills," he argued, "while the 
BE A effort is purely focusing 
on XQuery, which is not yet a 
standard, and for which the 



number of skills in the market- 
place is quite small." Liquid 
Data runs only on BE As 
WebLogic application server. 

When pressed, Mattos did 
admit that DB2 Information 
Integrator actually does not 
support the emerging XQuery 
specification, and wouldn't 
even commit to doing so. 

"We have a lot of support for 
XML, including integrating 
XML data and delivering XML 
as the result of a query," he 
said. "But we are not delivering 
XQuery [support] at this time; 
we are likely to do so once the 
standard has been finalized." 

DB2 Information Integrator 
is available now to a small num- 
ber of IBM customers and part- 
ners, said Mattos, but should be 
generally available by June; he 
would not disclose the software's 
pricing and licensing model. 

While Mattos stressed sever- 
al times that the Information 
Integrator is independent of 
DB2 Universal Database, the 
product's naming sends a differ- 
ent message. The preview prod- 
uct (www-3.ibm.com/software 
/data/integration/iipreviewhtml) 
is called version 8.1, matching 
the current release of the DB2 
database. I 
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< continued from page 6 

MochaWorks Inc., which sells tools for embedded Java development 
using J2ME and J2SE, has hired Tom Schild as president and CEO. Pre- 
viously, Schild was EVP for BSquare Corp. He takes over from founder 
Jeff McLeman, who remains chairman and CTO . . . Embedded soft- 
ware tools vendor Espial Group Inc. has hired Martin Leamy as its new 
CEO, replacing Jaison Dolvane, who remains president. Leamy previ- 
ously served as president and COO of OpenTV . . . Sun Microsystems 
Inc.'s James Gosling was presented with the ACM's Software System 
Award for his development of the Java programming language. 



STANDARDS 



The World Wide Web Consortium has approved DOM Level 2 HTML as 
a recommendation; the spec defines an interface for programs and 
scripts to dynamically access and update the content, structure and 
style of HTML and XHTML 1.0 documents. The W3C also has released 
Scalable Vector Graphics 1.1 and Mobile SVG as recommendations, 
and VoiceXML 2.0 as a candidate recommendation . . . Liberty 
Alliance Project, a vendor consortium, has released version 1.1 of its 
Liberty Alliance Specification for federated network identity man- 
agement. The update removes ambiguity and corrects errors in the 
original release, which appeared July 2002 . . . Object Management 
Group Inc. has formed a new Business Rules Special Interest Group, 
to promote standards for business process modeling . . . The Open 
Group vendor consortium, which owns the Unix trademark, has 
announced a test set for its Single Unix Specification 3.0, which is 
due to be completed in the first half of 2003. The spec aims to certify 
a common source-code interface among Unix dialects . . . The first 
draft of OASIS' Universal Business Language specification is avail- 
able for public review. The comment period runs through April 14. 1 



Does your Team do more than just track bugs? 
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Atcx&ys Team does! Alcx.sys Team 2 is a mull Uitsw Team nunugement system thai provide a 
powerful yet easy way to manage all I he members of your team an J their ta*ks - including defect 
tricking. Use Team right out of I he box or tailor it to your neetk. 
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JBUILDER 



4 continued from page 1 

and Together modeling inter- 
face, but it should be seamless to 
switch between the two GUIs. 
"You have both applications run- 
ning, and you use JBuilder as the 
code-centric environment, and 
use Together for the diagram- 



ming features. The nice aspect 
of the integration is when you go 
between the products, they syn- 
chronize the context. You're 
always in the flow" 

Olson contrasted Together 
Edition for JBuilder with 
Together Control Center, also 
known as TCC. "TCC is a stand- 
alone application designed for 



software architects; it has multi- 
language support, so you can do 
more higher-level modeling 
architecture. Together is focused 
on the Java developer that wants 
JBuilder. TCC doesn't have the 
context- switching integration 
that Together Edition for 
JBuilder has." 

The new version of Together 



is the focus of Enterprise Studio 
5 for Java, which debuted in 
mid-February. The previous Stu- 
dio 4, which appeared in June 
2002, contained JBuilder 7, the 
Optimizeit 4.2 product suite, and 
a development version of Bor- 
land's Enterprise Server J2EE 
app server, as well as a Java-spe- 
cific version of Rational Software 
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Corp. s Rose UML modeler and 
the Rational Unified Process. It 
also contained Borland's Jdata- 
Store database and Macromedia 
Inc.'s Dreamweaver MX Web 
development tool, which worked 
with Java, Active Server Pages 
and JavaServer Pages. 

Enterprise Studio now in- 
cludes JBuilder 8, and Opti- 
mizeit Suite version 5.0, both of 
which were already on the mar- 
ket. In addition, Borland yanked 
Rationale modeling software, 
replacing it with Borland's own 
Together Edition for JBuilder, 
and removed Dreamweaver. 

While removing Rational's 
products would make sense, giv- 
en that TogetherSoft's tools were 
directly competitive, why take 
out Dreamweaver? According to 
Bill Pataky, director of product 
management for the Java Busi- 
ness Unit, "Our research showed 
that Borland Enterprise Studio 
for Java customers frequently 
already had a tool in that space — 
either Dreamweaver or a com- 
petitor. Given that, we opted to 
drop that component of Studio." 

"We've got much tighter 
integration with Together Edi- 
tion [than with Rose]," said 
George Paolini, Borland's new 
vice president of its Java Busi- 
ness Unit. The suite also will 
integrate with CaliberRM, 
the stand-alone requirements- 
management tool that Borland 
purchased along with Starbase 
Corp. in late 2002. "If you want 
to trace requirements through 
Together, and from Together to 
JBuilder, you can do that; we 
actually had the integration with 
CaliberRM, before any of the 
mergers took place." 

When you factor in the Cal- 
iberRM integration, claimed 
Paolini, "this is the first time that 
Borland has offered a full appli- 
cation development life-cycle 
management product, with all 
the pieces in place." 

With all the changes to the 
Enterprise Suite, the price has 
increased significantly, from 
$5,999 to $6,999 per seat. 

GOODBYE, VISUALCAFE 

Borland has quietly discontinued 
VisualCafe, a Java IDE that 
TogetherSoft picked up in 2002 
during the dismantling of Web- 
Gain Inc. According to Pataky, 
Borland wants VisualCafe users 
to migrate to JBuilder, using a 
free conversion utility at http: 
//info.borland.com/new/jb7/vcafe 
.html. Likewise, he said, "Bor- 
land Enterprise Studio 5 for Java 
is the replacement product for 
WebGain Studio." I 
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IBM Unveils Handheld Reference Design 

Packs its middleware with MontaVista, Trolltech software for PowerPC 



BY EDWARD J. CORREIA 

IBM Corp. is throwing its soft- 
ware weight behind the Pow- 
erPC 405LP PDA Reference 
Design, a palm-sized applica- 
tion platform based on its 
PowerPC processor that will 
be running MontaVista's Lin- 
ux, Trolltech's GUI environ- 
ment and a cadre of IBM's 
enterprise software, including 
relational database and device 
management clients, voice and 
handwriting recognition and 
its J2ME virtual machine. 

The extensive list of bun- 
dled software includes IBM's 
HTTP servlet engine, SyncML 
client, embedded ViaVoice, 
GSM/GPRS support with phone 
dialer and SMS, Tivoli device 
management client, an OSGi- 
compliant service management 
framework, Everyplace Mobile 
Enterprise Application Kit, and 
the Consumer Electronics Edi- 
tion of MontaVista Linux, 
which, according to IBM, works 
with its processor to reduce 
power consumption by as much 
as 50 percent. In addition, the 
Trolltech Qtopia windowing 



development framework and 
e-mail and productivity apps 
are included. Security software 
includes DES, triple-DES, SSL 
and IPsec. 

The base-unit hardware list 
also is lengthy, and includes 
32MB SDRAM, 32MB Flash, 
64MB disk-on-chip, 4-inch 
touch-sensitive color LCD, 
stereo I/O and speakers, USB 
1.1 client and host ports, and a 
Xilinx 3,000-gate field pro- 
grammable gate array. Blue- 



tooth 1.1 communications 
capability is provided via an 
included Toshiba SDIO card. 
A developer sled provides an 
additional USB host port, plus 
Fast Ethernet, serial, JTAG 
and Flash programming ports, 
plus a PC Card slot. 

The PowerPC 405LP pro- 
cessor itself, which can operate 
at up to 380MHz, delivers 
acceleration for DES and 
speech processing, controllers 
for STN and TFT displays up to 



XGA resolution, additional con- 
trollers for DMA and SDRAM, 
16KB data and instruction 
caches, and dedicated JTAG 
trace debug logic. 

The platform (www.chips 
.ibm.com), which was first 
demonstrated at the Linux- 
World conference in New York 
in January, is scheduled to be 
available with beta software 
this month; general release is 
set for June. Pricing has not 
been disclosed. I 




IBM is bundling its enterprise soft- 
ware with third-party software in 
the PowerPC platform. 



AMD, Metrowerks Pair Up on OpenPDA Platform 

Embedix acquisition gives rise to 32-bit reference design 



BY EDWARD J. CORREIA 

Motorola subsidiary Metro- 
werks Inc. has teamed up with 
chip maker Advanced Micro 
Devices Inc. to introduce a 
Linux-based development kit 
based on AMD's new Alchemy 
Solutions Mobile Client Ref- 
erence Design Kit. The new 
OpenPDA Platform will run 
software Metrowerks acquired 



along with Linux tools devel- 
oper Embedix Inc. last 
December. The MlPS-based 
kit is intended to speed devel- 
opment of handheld comput- 
ers, smart phones and other 
mobile devices. 

According to Berardino 
Baratta, Metrowerks CTO and 
vice president of its newly 
formed Linux Solutions 



Group, OpenPDA is far more 
complete now than when it 
was acquired two months ago. 
"OpenPDA was a great start, 
but it had some shortcomings; 
it was missing some IP, and 
processor support was not 
as broad as it should be," he 
said. While under Embedix, 
OpenPDA supported only 
Intel's StrongARM and XScale 



WAVELINK EMBRACES MOBILE JAVA, .NET 



BY EDWARD J. CORREIA 

Wave link Corp., which offers 
vertical DOS-based mobile 
solutions for the enterprise, 
will release on March 4 Studio 
Edge, the latest version of its 
mobile development environ- 
ment that it says will embrace 
XML, Web services and .NET, 
and will permit developers to 
build mobile Java applications 
that can be deployed with app 
servers from BE A, IBM and 
Oracle. 

According to Brian Cohee, 
vice president of marketing at 
Wavelink (www.wavelink.com), 
Studio Edge builds on Studio 
3.6, the company's environment 
for building DOS apps for wire- 
less LANs widely used in retail 
to remotely update AS/400s and 
other back-end systems. "We're 
not building super-sophisticat- 
ed applications. Ease of use of 
the interface is critical; in many 
cases, the person using the app 
is not computer literate. It also 
has to work 99.9 percent of the 
time. When these systems go 
down, money is lost." 



But apps built with Studio 
3.6, he claimed, stop working 
when the device goes out of 
range. Also, the target devices 
have no local file systems, mak- 
ing persistence or server syn- 
chronization impossible. 

Cohee said that Studio 
Edge, a stand-alone Java IDE, 
will give customers a choice 
between the company's exist- 
ing proprietary technologies 
and open ones. "XML is a 
good way to describe apps, 
HTTP is a good way to move 
bits back and forth, and Java 
and a virtual machine are the 
language and the back end for 
deployment." 

Further, he maintained, the 
new environment allows for a 
gradual migration from older 
solutions to new. "It permits 
companies to incrementally 
add more powerful and capa- 
ble devices, to move from old- 
er platforms like DOS to 
[Windows CE], or to move 
away from AS/400 servers to 
Web servers. Developers can 
leverage their existing invest- 




Studio Edge users can build Java applications for server deployment. 



ment and have more flexibility 
of how to deploy." 

Also new will be the ability 
to synchronize data on a 
mobile device with the back 
end. Cohee said this gives 
users much greater flexibility 
over where and when they can 
work, and removes restrictions 
on application connectivity 
with the network. Users also 
will be able to control when 



collected data is sent back to 
the server. 

Studio Edge will cost US$195 
per deployed device, with a 
50-device minimum initial pur- 
chase. The environment sup- 
ports DOS and Windows 
CE 2, 3 and CE.NET, and 
ruggedized devices made by 
Fujitsu, HandHeld Products, 
Intermec, LXE, PSC, Symbol 
and TekLogic. I 



processors, Baratta said. Since 
then, Metrowerks has added 
support for TI's OMAP, 
Sharp's ARM 7 and ARM 9 
implementations and AMD's 
AullOO system-on-chip, which 
is the basis for AMD's new ref- 
erence kit. 

The AullOO, which is 
offered at speeds as fast as 
500MHz, incorporates a 32-bit 
MIPS processor with SDRAM, 
SRAM/Flash and EPROM 
memory controllers; 640 x 480 
LCD controller; up to 48 gen- 
eral purpose I/O ports; Fast 
Ethernet; USB host and slave 
controllers; 3 UARTs; audio 
controller and two secure digi- 
tal ports. 

"This is the first MIPS chip 
that [OpenPDA] is on," Barat- 
ta said. "This gives developers 
a platform that lets them get 
down to the nitty-gritty and 
start building hardware exten- 
sions," he added. 

Baratta said that in addition 
to its increased processor sup- 
port, OpenPDA has been 
refreshed to include an MPEG 
4-capable multimedia player 
and an updated version 
of Trolltech's Qtopia user 
interface. Metrowerks (www 
.metrowerks.com) also will 
provide a Linux kernel, a JVM 
from Insignia, Opera's Web 
browser calendar, contact 
database and e-mail apps. The 
OpenPDA Platform was 
demonstrated at the Linux- 
World Conference in New 
York in January and is sched- 
uled to be released by the end 
of March; pricing was not dis- 
closed. I 
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PointBase Embedded 
Java Database Matures 



BY EDWARD J. CORREIA 

Continuing to focus its efforts 
on performance, Java database 
developer PointBase Inc. in 
February released PointBase 
4.5, the latest version of its 
application-specific database 
platform that it says has been 
enhanced sufficiently to han- 
dle high-volume transactions 
in production environments. 
The database also now sup- 
ports AES 128-bit encryption, 
the U.S. government's newly 
adopted standard. 



According to Steve Jones, 
the company's chief of engi- 
neering (www.pointbase.com), 
PointBase Embedded has been 
enhanced to support produc- 
tion-level transaction loads. 
"We're seeing Java applications 
growing up in terms of their 
demands on us. People want to 
plug us in and see the same 
functionality and performance 
levels they're used to with Ora- 
cle and others." 

One performance gain 
comes by way of connection 



pooling, which Jones said 
stores data structures created 
when a user creates a connec- 
tion to the database. "By sav- 
ing these when the user closes 
the connection, the next open 
can take much less time. It is 
most useful to applications 
which open and close connec- 
tions frequently, such as Web 
applications." 

PointBase Micro, a data- 
base for J2ME applications, 
now supports multiple data- 
base connections, which Jones 
claimed greatly simplifies 
development of high-end data- 
access apps. 

"Often an application may 
have logic separated into mul- 
tiple threads which function 
independently, [but each with] 



Nokia Releases Linux J2ME Tools 



BY EDWARD J. CORREIA 

Development tools for Linux- 
hosted machines continue to 
trickle in. Cell-phone maker 
Nokia Inc. has released the 
Nokia Developer's Suite for 
J2ME 1.1 for Linux, a set of free 
tools that it says permit develop- 
ers to build, test and deploy 
applications for Nokia's series 



40 devices, which are MIDP- 
WAP- and M MS -enabled. 

According to the company, 
the kit includes the Nokia 
series 40 concept SDK, which 
delivers the MIDP APIs, class- 
es and a simulator for the com- 
pany's high-end phones. It can 
be used in parallel with the 
series 30 SDK for Linux, 



which provides the Nokia 
user-interface API. 

The Nokia Developer's Suite 
for J2ME 1.1 for Linux sup- 
ports Red Hat 7.2, and can 
either stand alone or integrate 
with Borland's JBuilder 8 or 
Sun's Sun ONE Studio 4. It is 
available now at www. forum 
.nokia.com/tools. I 



a need to access the database. 
Rather than having complex 
logic to share the single con- 
nection and transaction, each 
thread may have a separate 
connection and a separate 
associated transaction," Jones 
explained. 

Available now, PointBase 4.5 



pricing remains unchanged. 
PointBase Embedded 4.5 costs 
US$299; PointBase Micro 4.4 
costs $9 for MIDP, $49 for 
CDC, $99 for J2SE and $299 
for J2EE. UniSync pricing starts 
at $299 per server. Upgrades are 
free to licensees with current 
support contracts. I 



IMSYS: INTERNET-READY 
PLATFORM IS A SNAP 



BY EDWARD J. CORREIA 

That closet full of old 72-pin 
SIMM sockets may no longer 
be obsolete, thanks to Stock- 
holm, Sweden-based Imsys AB. 
In late January, the company 
released the Simple Network 
Application Platform, or SNAP, 
an Internet-ready development 
board that combines its Imsys 
direct Java processor with Fast 
Ethernet, memory, a controller- 
area network bus and various 
other ports, all on a board the 
size of the near-defunct memo- 
ry form factor. 

"SNAP is about 20 times 
faster than compatible prod- 
ucts," claimed Stefan Lof, direc- 
tor of sales and marketing, who 



added that its performance 
makes it well-suited for devel- 
oping remotely monitored sys- 
tems for building management, 
industrial automation and plant 
monitoring. 

SNAP, available now with 
prices starting at US$128, also 
includes a Sun-certified CLDC 
runtime, 8MB DRAM, 2MB 
Flash, real-time clock and calen- 
dar, a pair of 1-wire interfaces, a 
trio of 460KB serial ports, and 
general-purpose I/O ports. In 
addition, the company (www 
.imsys .se) offers a $450-per-seat 
IDE that can handle a combina- 
tion of C, Java and assembler 
code, and includes a C-compiler 
and trace and debug tools. I 
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Java in the Enterprise: 
Testing the Complexities 



BY ALYSON BEHR 



Like all large-scale distributed 
applications, software that lever- 
ages Java 2 Enterprise Edition 
can be complicated. This means 
that J2EE applications can be dif- 
ficult to debug. Whether using Java- 
Server Pages, Enterprise JavaBeans or 
Java Message Service, J2EE apps need 
to do more than compile. They need to 
run, and run correctly, in their deployed 
environment. The challenge: How best 
to test? 

Whether developers are black-box 
testing for functionality, white-box test- 
ing for code construction, or regression 
testing for code integrity, there are sev- 
eral common problems that crop up that 
could be significantly reduced either 
through better programming practices 
or better debugging practices. 

UNIT AND RELIABILITY TESTING 

Incredibly enough, some enterprises 
don't test at all. "The first problem we en- 
counter is that they don't test," said Adam 
Kolawa, CEO of Parasoft (www.parasoft 
.com), a vendor of testing tools. "They 
deploy and hope it works, or they test very 
little. Developers often test only the spe- 
cific part of the software that they are 
implementing one or two ways, maybe, if 
they test it at all." 

The reasoning behind this lack of 
testing is that usually when a developer 
builds a piece of a system such as a class 
or an object, it is independent of the rest 
of the system, which hasn't been built 
yet, so it does not exist. Testing each 
separate piece, or unit testing, is prob- 
lematic because it involves building a 
"stub" that mimics the completed sys- 
tem. Writing these stubs takes a great 
deal of work, and once the actual system 
is complete, the stubs become useless 
and all the code is wasted. 

Kolawa said, "The result is that devel- 
opers say to themselves, 'Hopefully, what 
I wrote is not so bad. I don't really need 
to verify it, so I won't write code for stubs 
to unit test. When the system is com- 
plete, I can connect these components 
and they'll work, without having spent 
the time writing all this extraneous code, 
and then I'll somehow test it.' The testing 
happens way too late." 

Apart from the testing happening too 
late, this reasoning leads to error accu- 
mulation, and the result is very buggy 





code throughout an entire system. 
"When it comes to final integration and 
testing, you are overrun with bugs," 
Kolawa added. "The number of bugs is 
exponential to the amount of code writ- 
ten. In reality, most of these pieces won't 
integrate into the completed system, 
and this is where, typically, most of these 
projects really die." 

Michael Glik, engineering manager 
of the Verification Test Group at Empir- 
ix Inc. (www.empirix.com), believes in 
testing early and often. "If you can iso- 
late the problem in the beginning, you 
have a long time before the release to 



investigate the problem and find the 
best solution. It is very costly to discover 
that the components are written as such 
that they will interlock each other at the 
end of development. Everything you've 
done previously has to be redone." 

The key? Glik said, "I advocate unit 
testing with the promise that all 
resources could then later be utilized in 
the functional and regressional testing of 
the application." 

But don't think that unit testing is the 
be-all and end-all. While Arnaud Weber, 
director of research and development for 
Borland Software Corp.'s Java Business 



Unit, agreed that unit testing is important, 
he cautioned against too much reliance on 
it. "As long as the problem can be cap- 
tured in the unit test, it's good. But one 
should not blindly trust this. Unit testing 
should be done as a complement to the 
regular quality-assurance certification." 

Sam Guckenheimer, senior director of 
technology in Rational Software Corp.'s 
Automated Software Quality Group, sees 
the value of component-level testing for 
Enterprise JavaBeans. "When you're 
developing EJBs, you're fundamentally 
developing components. The practice of 
component testing has been much better 
understood in other domains like Tele- 
com or embedded software development 
than it has been in IT projects." 

Guckenheimer stressed that the relia- 
bility requirements at the component lev- 
el are much higher. "The core issue is 
that if you have a system that you build 
out of components — say you have 30 
components — the average reliability of 
each component is 99 percent, but the 
reliability of the completed system is usu- 
ally only about 50 percent." 

While there are well-known ways to 
do high-reliability testing and develop- 
ment, Guckenheimer recommended 
thinking in terms of five things: the 
code, the flows or interactions, the data, 
the environment and the exceptions. "In 
terms of code, you should be assessing 
code coverage as you test so you're sure 
you haven't missed any code, any paths 
that haven't been exercised." 

But Guckenheimer cautioned, "On 
the flip side, there are probably flows, 
interactions or exceptions that you 
haven't thought to include. You exercise 
those by having a mix of transactions that 
will flow through the composite system 
with a mix of data that will spread 
through all the cases. This should, in 
turn, trigger issues that may arise as a 
result of omission." 

ENVIRONMENTAL DIFFERENCES 

Developers face environmental differ- 
ences between the staging and produc- 
tion environments — and sometimes 
there are no staging systems at all. These 
barriers are usually a result of short- 
sighted cost-cutting efforts that lead to 
greater losses, in terms of soft-cost 
deficits of lost speed-to-market time and 
► continued on page 27 
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The Future Of 
Java Test Tools 

New technologies add power, complexity 



BY ALYSON BEHR 

With the admitted difficulties sur- 
rounding the testing of distributed 
applications, such as those written for 
Java 2 Enterprise Edition, it is 
inevitable that new technologies will 
emerge that attempt to provide relief 
for development department pain. 
Which ones will survive to claim victo- 
ry over chaos, and which ones will fall 
by the wayside? 

According to Adam Kolawa, CEO of 
Parasoft (www.parasoft.com), "Cre- 
ation of the classes from WSDL 
already exists, and the ability to inter- 
face between Java and SOAP protocol 
is almost there. This is where I see the 
biggest news, because I think it may 
kill application servers," making dis- 
tributed applications easier to test, as 
well as to build. 

However, Arnaud Weber, director 
of research and development for Bor- 
land Software Corp.'s Java Business 
Unit, is skeptical as to how Web ser- 
vices will alleviate testing pain. 

"These are interesting for the appli- 
cations themselves. I'm not sure it is 
going to help one way or the other for 
testing," said Weber. "Web services 
let computers request information, 
instead of the user requesting the 
information. You'll see more participa- 
tion between servers 
to accomplish one 
goal. The result will 
be more flexibility, but 
also more complexity." 

Static analysis is a 
hot topic, though its 
maturity status differs 
depending on whom Rational's 
you talk to. Kolawa is a Guckenheimer 
strong proponent. predicts the rise 

"Static analysis is of better test 
one of the most pow- generation tools. 
erful, and at the same 
time underutilized, testing techniques 
in the industry," Kolawa said. "It allows 
you to find a lot of errors very, very 
cheaply." Kolawa added that it has 
been mature for several years. 

Sam Guckenheimer, senior director 
of technology in Rational Software 
Corp.'s Automated Software Quality 
Group, doesn't see the technology as 
particularly mature, but he does see its 
benefits. 

"There have been some attempts at 
static analysis, but none are very 
mature yet. In the Java world, there are 
probably two products, both from tiny 
companies, that do an interesting job 





of complexity analysis. They let you 
visualize the unbuilt system in dia- 
grams so you can try to tear it apart and 
reduce it." 

In contrast to static analysis, Guck- 
enheimer is enthusiastic about runtime 
analysis, viewing it as more useful in the 
near term. 

"Right now, using 
runtime analysis takes 
a fair amount of user 
sophistication, but soon 
we'll see the ability to 
trace the running sys- 
tem into a UML dia- 
Empirix's Glik gram built directly into 
says EJBs and the IDEs, along with 
XML make Java the ability to annotate 
applications the UML diagram 

harder to test. and turn it into a test," 
he said. 
"Along the way," he added, "you'll 
see the other pieces that you get from 
runtime analysis, such as memory pro- 
filing, performance profiling and code 
coverage, so you effectively can grow 
your test suite interactively and experi- 
mentally as you watch the running sys- 
tem. These abilities will be available 
this year." 

Guckenheimer also predicted the 
rise of better test generation tools, and 
described the development of tools that 
will build tests with intelligent stubs. 
"These will exercise the alternate flows 
for exception handling, environmental 
differences and failures along the way 
like lost connections." 

Not so optimistic about runtime 
analysis is Michael Glik, engineering 
manager of the Verification Test Group 
at Empirix Inc. (www.empirix.com). 

"Applications are being developed 
much faster and more efficiently," he 
maintained. "The technologies that 
allow developers to be more efficient 
have a detrimental effect, because 
when the technologies were being 
developed, no one stopped to think 
how to test them." 

"So unfortunately," Glik added, "I 
see an opposite trend. All the tech- 
nologies that I see, such as the EJB 1.1 
spec and XML deployment descrip- 
tors, add an extra layer of complexity. 
They're oriented to make developers' 
lives easier by making the code that 
developers write more efficient and 
more accurate. On the other hand, it 
makes the testing job much harder 
because it isolates the developer, and 
they end up concentrating on their 
individual tasks." I 
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J2EE TESTING 

< continued from page 25 

hard-dollar bottom-line devel- 
opment cost issues. 

Mirroring the production 
environment in the staging en- 
vironment includes using identi- 
cal servers with identical hard- 
ware configurations, number of 
processors, operating systems 
and installed applications. Bor- 
land's Weber sees replication of 
the production environment in 
the test lab as critical. 

"Often people buy cheap 
machines for their lab and then 
deploy on expensive machines, 
which are very different," he 
said. "I'm not exactly saying 
they have to be the same, but at 
the very least, they need to be 
similar." 

While mirroring staging and 
production environments is 
important, it's also a good idea to 
test systems in different environ- 
ments. "Typically," said Ratio- 
nal's Guckenheimer, "you'll have 
one desktop server that you use 
in development, a different serv- 
er in the test lab, and the pro- 
duction server may or may not 
be the same. So in each case, 
you need to be tracking and 
treating the environment as one 
of the variables." 

MEMORY, CACHE SURPRISES 

With J2EE it is very easy to go 
wide on a database and not 
perform enough server-side 
caching, thus overloading the 
database with complex requests 
without realizing it. Weber's rec- 
ommendation is to "profile the 
database and see exactly how 
much time is spent, and add 
some caching if you need to." He 
also cautioned against storing 
too many things in LDAP, and 
noted a situation that comes up 
when a developer lets an HTML 
designer use tags to design com- 
plex Web pages: "Sometimes the 
artist doesn't realize that invok- 
ing those JSP tags slows down 
performance, and they create 
tons of pages with these tags, 
which when pushed to the serv- 
er, cause CPU problems." 

Session storage issues aren't 
unusual with J2EE either. It is 
easy to store an object in a ses- 
sion that refers to other objects. 
You may think you stored only 
the one object, but in fact 
you've stored 3 million bytes of 
stuff that you don't care about. 

One of Java's more enduring 
problems is memory leakage. 
These leaks usually expose 
themselves as performance 
issues, and delayed ones at that. 



"As you know," said Weber, "it's 
very easy to allocate a lot of 
memory in Java and end up with 
a garbage-truck tour that is 
excessively busy causing perfor- 
mance issues. It is also possible 
to have leaks caused by refer- 
ences that you've forgotten you 
have. We're developing at such a 
high level, it's very easy to create 



a level of complexity in your 
algorithm without realizing it." 

TESTING DRIVERS 

The kind of work the applica- 
tion is doing and its require- 
ments drive the type and strin- 
gency of the testing that's 
required. "If you have an appli- 
cation that cannot fail, such as a 



medical application or an aero- 
space application that is a sys- 
tem component on board an 
aircraft where a mistake can be 
extremely costly, there are cer- 
tain relatively pricey develop- 
ment processes that demand 
use and will deliver high-relia- 
bility systems. In this case, 
white-box testing is impera- 



tive," Empirix's Glik said. 

At the end of the day, the 
testing best practices are always 
a work in progress. "Each time 
we come out with a new tool," 
Borland's Weber noted, "we find 
new problems, so we have to go 
back to the drawing board and 
come up with a better testing 
tool to fix the new problem." I 
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Borland Pulls Together 

Talk about hitting the ground running. Borland Soft- 
ware Corp. has already revamped its developer tools 
to incorporate key technologies from its Together Soft 
acquisition — and the deal closed only one month ago. 

The first fruit is a revamped Enterprise Suite for Java, 
which ties together Together's UML modeling capabili- 
ties with the JBuilder integrated development environ- 
ment. Soon, Borland plans to introduce Sidewinder, a 
new C# environment for .NET that encompasses model- 
ing. The company also is wasting no time in leveraging 
aspects of its Starbase acquisition, initially focusing on 
that firm's CaliberRM requirements-management tool. 

Borland also is apparently targeting Rational, which is 
in the process of being acquired by IBM, as well as its 
partner, Microsoft. By throwing Rose and the Rational 
Unified Process out of Enterprise Suite, and replacing 
them with its own Together software — and raising the 
price by a cool US$1,000 per seat — Borland is making a 
bold statement about its model-based development capa- 
bilities. And by licensing Microsoft's .NET Framework 
SDK, and using it as the foundation of a tool intended to 
compete directly against Visual Studio .NET, Borland is 
attacking the industry's largest players on many fronts 
simultaneously. 

One can only hope that it's not biting off too much, too 
quickly. 

Only two years ago, Borland, under the ill-suited 
Inprise name, was on the verge of collapse. Yes, the com- 
pany has achieved a remarkable turnaround by refocusing 
on individual developers. But not all developers: By cater- 
ing to specific communities, such as its traditional Object 
Pascal users through Delphi, and bringing its tools to the 
Linux community, Borland quietly regained its strength. 
It didn't hurt that the company faced mainly weak rivals 
during this period. 

Forget about weak rivals. In October 2002, CEO Dale 
Fuller insisted that Borland wasn't competing against 
Rational. Today, it's going mano a mano against Rational 
and IBM together, while simultaneously taking aim at the 
centerpiece of Microsoft's .NET strategy, VS.NET And 
even on the Linux front, projects like IBM's Eclipse are 
slowly gaining in popularity. 

We admire Fuller's big, bold strategy, and believe that 
a strong Borland can bring competition to the .NET tools 
market, just as it plays a critical role as a leading indepen- 
dent vendor of Java and Linux tools. It does no harm, and 
potentially a world of good, for VS.NET to face a strong, 
innovative challenger. 

Even so, the company may be trying to grow too large, 
too fast. With all of its existing product lines and initia- 
tives, Borland is being pulled in many directions. Given 
the size and nature of his new competitors, and the chal- 
lenges of integrating his new purchases, Fuller's initiatives 
may be a little too bold. 

Happy Birthday to Us 

This issue of SD Times marks our third anniversary as 
the industry newspaper for software development 
managers. Thank you for your support during our launch 
and evolution, especially during this economic and geo- 
political climate. I 
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ts none of your business." 
That phrase used to mean 
something; but increasingly, 
our private concerns seem to be 
everybody's business. Nowhere 
is this more apparent than on 
the Internet, where we are con- 
stantly asked for everything 
from our ages to our salaries to 
our shoe sizes in order to sign 
onto sites or get information 
from merchants. 

Retailers do have a legiti- 
mate reason for wanting to 
know about us. Demographic 
information enables them to 
provide goods and services 
more tailored to our individual 
needs, and to let us know 
when something comes up that 
might match our interests. But 
for many of us, that's not a 
compelling enough reason to 



risk letting personal informa- 
tion get into the wrong hands. 
As a result, more and more 
people are supplying Web sites 
with false information — age, 
address, family size, income, 
etc. — to avoid being identified 
in any way. 

With research showing that 
some three-quarters of 
Internet users don't 
trust Web sites to guard 
their privacy, it's a safe 
bet that there is a 
tremendous amount of 
phony personal informa- 
tion floating around out 
there. Some place the 
misinformation figure at 
more than 50 percent. Ironical- 
ly, this can work against the 
consumer's interests when a 
business plans future products 
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and services based upon a flood 
of inaccurate data. 

The problem, then, is one 
of aligning the needs of busi- 
ness against the privacy rights 
of consumers. For instance, 
how can companies mine 
information important to their 
businesses without learning 
specific things about us 
as individuals? And how 
can a data system be 
built that we can trust 
never to divulge such 
information? 

The solution lies in 
a new approach to data 
management based 
upon the principle of 
"Hippocratic computing." This 
process takes its name from 
part of the Oath of Hippocrates 
sworn by doctors the world 
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SPEAKING MY LANGUAGE 

Thomas J. Theobald, marketing 
manager for Xapware Technolo- 
gies Inc., had submitted a letter 
to the editor titled "UML? Why 
not English?" [Feb. 1, page 24]. 

Mr. Theobald uses under- 
standable English and makes 
many convincing arguments in 
favor of English rather than 
UML. I believe that Mr. Theo- 
bald's arguments are valid. I wish 
to congratulate Mr. Theobald for 
a job well done. I'd like to learn 
more about how we can use 
English to specify corporate sys- 
tems requirements. 

I have personally experi- 
mented with Microsoft's Excel 
as a means of developing struc- 
tured specifications that are 
readable and understandable by 
the CEO, CFO, etc., the com- 
puter technicians and eventually 
the computer (which is too stu- 
pid to make a mistake). 

Ernst Bak 

OMG OWNS NO CODE 

In reference to the lead story in 
the Jan. 15 issue of SD Times 
["Eclipse Shifts Into Life-Cycle 
Development," page 1, or at 
www.sdtimes.com/news/070 
/story 1. htm], we would like to 
provide some clarification. 

Most importantly the first 
paragraph of this story incorrect- 
ly states that OMG donated code 
to the Eclipse.org open-source 
development community. This is 
not correct; OMG does not own 
or donate code of any kind to 
anyone. Rather, OMG's mem- 



bers use our open, neutral 
process to standardize interoper- 
ability and portability specifica- 
tions; the mission is to establish 
those specifications in products 
everywhere, both in commercial 
and open-source implementa- 
tion. As part of this mission, 
OMG maintains strong ties to 
dozens of consortia, such as 
Eclipse.org, to leverage the work 
of OMG's member companies. 
Both NetBeans and Eclipse.org 
are important efforts providing 
(among other things) open- 
source implementation of key 
Model Driven Architecture 
(MDA) standards. 

Richard Mark Soley 

Chairman and CEO 

Object Management Group Inc. 

SEARCHING OUT SUCCESS 

Great work, guys, very motivat- 
ing story ["Software Company 
Celebrates Life," Jan. 15, page 1, 
or at www.sdtimes.com/news 
/070/story3.htm]. I have known 
Paul Leury for quite some time, 
and his work ethic is impressive 
and unmatched. With Paul's 
devotion and continued hard 
work, the success of the compa- 
ny is a simple matter of time. No 
doubt with Paul as part of what 
seems to be a very solid team, 
this young company has a bright 
future ahead. 

Looking forward to tracking 
your success from this part of 
the world! 

Rick Levesque 

Outaouais-Abitibi 

Quebec, Canada 



SUCH A TOOL EXISTS 

In your article "Developers 
Offer Change-Management 
Wish List," [Jan. 15, page 18, or 
at www.sdtimes.com/news/070 
/special3.htm], Bill Richards, 
change-management systems 
administrator for Hewitt Asso- 
ciates LLC, was quoted saying, 
"If we could integrate the con- 
tent with the source code, have 
everything included in one pro- 
ject, press one button and have 
everything integrated, that 
would be ideal. But we don't 
see a single tool that allows us 
to do that." 

Serena Software provides 
such a single tool. Our Change- 
Man enterprise change man- 
agement offering is the only 
solution that can manage paral- 
lel changes to software code 
and content running on differ- 
ent platforms, from mainframes 
to distributed systems to the 
Web. Change Man allows man- 
agement to view, correlate and 
approve all relevant changes 
from anywhere, using a Web 
browser. 

Chuck Henderson 

Director, Product 

Management 

Serena Software Inc. 



WHAT DO YOU THINK? 

SD Times welcomes feedback. Letters 
should include the writer's name, 
company affiliation and contact infor- 
mation. Letters become the property 
of BZ Media and may be edited. Send 
to feedback@bzmedia.com, or fax to 
+1-516-922-1822. Please mark all 
correspondence as Letters to the Editor. 



www.sdtimes.com 



Software Development Times . March 1, 2003 



OPINION 



29 



over: "And about whatever I 
may see or hear in treat- 
ment... I will remain silent." 
The technology is becoming 
available that will enable busi- 
nesses to show the same respect 
for privacy to anyone whose 
data they collect. 

As a concrete example, con- 
sider Hippocratic data mining. 
A series of rules are built into 
data-collection software that 
automatically turn the infor- 
mation into "lies." For exam- 
ple, if I tell a Web site that I'm 
38 years old and earn $60,000 
a year, what actually gets 
entered is a randomized value 
obtained from adding a ran- 
dom value within a predeter- 
mined range to the true value. 
I have no reason to enter mis- 
information, since the soft- 
ware at the other end is actual- 
ly doing it for me! 

So how is this gobbledygook 
of any value to anyone? Using a 



series of mathematical guesses 
based partly on how the initial 
data was randomized, the min- 
ing program gradually recon- 
structs a realistic distribution of 
true values. How many people 
were 20 to 25, say, or 40 to 45? 
Demographic information like 
this might be of great interest to 
a company in quest of 25-year- 
olds to buy its sports cars or 
computer games. The mining 
models will have some inaccu- 
racy — small enough to satisfy 
the miners — and the privacy of 
those who provided personal 
information remains intact. 

Why have we not been using 
Hippocratic computing all 
along? The fact is that, in the 
past, most databases have been 
used to help us with inanimate 
populations, such as inventories, 
shipping schedules and rates 
and prices. Only with the advent 
of the Internet, and the limitless 
opportunities for people to 



interact with each other, have 
we seen an explosion in the col- 
lection of "animate" data, along 
with the potential to abuse per- 
sonal information. Essentially, 
we're still playing catch-up with 
this phenomenon. 

And catch up we must. Priva- 
cy is no longer an option; it has 
become a business imperative. 
Companies will have to adopt 
privacy policies that feature iron- 
clad technology for two reasons. 

First, because consumers 
are insisting upon privacy, com- 
panies that are early to 
embrace — and publicize — such 
privacy guarantees as Hippo- 
cratic computing are likely to 
enjoy an advantage over their 
competitors. 

Second, if businesses do not 
respond to market pull and 
regulate themselves, legislators 
will be more than happy to do 
it for them. We're already see- 
ing movement toward privacy 



legislation in the medical and 
financial industries — two areas 
where people are most sensi- 
tive about how personal infor- 
mation is handled. In Europe, 
the OECD privacy guidelines 
are in place, and there is move- 
ment toward privacy legislation 
in several other countries, 
including Australia, Canada 
and Japan. Clearly, proactive 
deployment of privacy- friendly 
technologies is desirable. 

Hippocratic computing is an 
idea whose time has come. It 
will empower us to share per- 
sonal information only on our 
own terms, and it will allow 
businesses to make decisions in 
a productive, nonintrusive man- 
ner. Thus, we will also be 
assured that the first tenet of 
the Hippocratic Oath comes to 
pass: Do no harm. I 

Rakesh Agrawal is an IBM Fellow 
for IBM Research in San Jose. 
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In response to Mr. Theobald's 
letter ["UML? Why Not Eng- 
lish?" Feb.l, page 24] relative 
to my interview ["Driving 
Toward Better Software," Jan. 
1, page 30, or at www.sdtimes 
.com/cols/industrywatch_069 
.htm], Mr. Theobald and I 
agree on many aspects of "re- 
quirements gathering," although 
we likely disagree on the ap- 
propriate solution. 

While David Rubinstein did 
an excellent job capturing our 
two-hour interview in only 800 
words, he clearly had to make 
extensive edits. Let me point 
out that the very premise of the 
Business Modeling and Collab- 
oration practice that I direct 
for Aberdeen Group (docu- 
mented at www.aberdeen.com 
/bmc) is that business model- 
ing and software modeling are 
converging and that this con- 
vergence is critical if the soft- 
ware industry expects to signif- 
icantly improve efficiency. 

Research indicates that 60 
percent of all bugs are intro- 
duced during the require- 
ments phase and that these 
bugs are so hard to eliminate, 
they account for 80 percent of 
the debugging cost. So, to 
increase the efficiency of large 
IT business software efforts, 
we need to fix the require- 
ments problem, and I believe 
Mr. Theobald and I would 
agree on this. We likely differ 
in how we would address solv- 
ing the requirements problem. 



Any requirements effort 
that does not resolve the "busi- 
ness model" as understood by 
business people with the "soft- 
ware model" as understood by 
developers is, at best, grossly 
inefficient. If the business unit 
and IT organization do not 
work in an extremely collabo- 
rative way, the project is most 
likely doomed to failure. Since 
less that 5 percent of IT orga- 
nizations ask the business units 
if they are satisfied, I posit 
that most IT organizations are 
doomed to failure when re- 
quirements are simply docu- 
ments that the business unit 
has been forced to sign. 

To dramatically improve 
the situation described above, 
there must be a mechanism 
that links the business model 
to the software model, and as 
it happens, there are tools and 
standards that make this pos- 
sible today. I think the differ- 
ence between Mr. Theobald's 
position and mine is in the 
role of modeling tools for 
deriving requirements (these 
need not be UML-based, 
despite Mr. Theobald's asser- 
tion to the contrary, as I will 
explain). 

ProActivity offers a tool for 
business analysts that gener- 
ates "business interviews" from 
its own internal business mod- 
el. The ProActivity model cre- 
ates a set of interview ques- 
tions that drive the business 
analyst to create a complete 



model that is logically sound. 
This model can be transferred 
into a simulation tool to aid 
testing and validation, and can 
also be input into UML-based 
software development tools 
(ProActivity will build export 
utilities to different environ- 
ments based on customer 
needs). IDS Scheer is the mar- 
ket leader in business model- 
ing tools. The ARIS product 
family is used by business peo- 
ple to create, test and docu- 
ment business processes — and 
uses the terms familiar to busi- 
ness people. Once the business 
model is complete, and ARIS 
also includes a simulation envi- 
ronment for testing, the model 
can be exported to Rational 
Rose, the Intalio Business 
Process Engine or to the 
MDA-compliant development 
environment from Interactive 
Objects. In short, IDS Scheer 
can export the business model 
to any UML software develop- 
ment tool a company desires. 

The linkage I describe 
above is a tremendous help, 
but is insufficient. Business 
people, analysts, architects and 
programmers all discuss the 
same system, but each from 
their unique perspective and 
using their own terminology. 
Each uses a language that both 
suits them and helps them to 
easily express their concerns. 
In order to improve software 
development, there must be a 
semantically consistent trans- 
formation between the models 
(or perspectives) used by each 



of these participants, and this 
isn't possible using a Microsoft 
Word document. Instead, the 
model must be shared, and 
that shared model must make 
sure that each valid viewpoint 
is consistent with all the others. 
The shared model also allows 
any viewpoint to be automati- 
cally created (to some extent) 
by the existence of the other 
viewpoints. 

The solutions I described 
above take a business view- 
point and push it in one direc- 
tion to populate a software 
development environment. 
While this is a fantastic step 
forward, since it pushes a busi- 
ness perspective directly into 
the software domain, the 
approach is incomplete be- 
cause the business model and 
the implementation model are 
not dynamically linked. 

The Object Management 
Group is taking a leadership 
role, through its MDA initia- 
tive, to integrate all of these 
perspectives. Major revisions 
are well under way to the UML 
and MOF standards, and one 
key consideration for adoption 
of the new revision is a "first- 
class extensibility mechanism." 
The OMG intends to create a 
modeling environment that 
supports many languages 
under one consolidated model, 
and one important language 
that will be supported is that of 
the typical business person. 

Tim Sloane 

Director 

Aberdeen Group Inc. 




Software Development Times 
March 1, 2003 - Issue No. 073 



Publisher 

Ted Bahr 

+1-516-922-2101 xlOl 'ted@bzmedia.com 

Editor-in-Chief 

Alan Zeichick 

+1-650-359-4763 • alan@bzmedia.com 

Executive Editor 

David Rubinstein 

+1-516-922-2101 xl05 • drubinstein@bzmedia.com 

Senior News Editor 

Edward J. Correia 

+1-516-922-2101 xlOO • ecorreia@bzmedia.com 

Copy Chief 

Patricia Sarica 

+1-516-922-2101 xl06 • p.sarica@bzmedia.com 

Art Director 

Mara Leonardi 

+1-516-922-2101 x!09 • mleonardi@bzmedia.com 



Columnists 

Andrew Binstock 

abinstock@pacificdataworks.com 

Steven J. Vaughan-Nichols 

sjvn@vnal.com 



Contributing Writers 

Alyson Behr 

alyson @behrcomm. com 

Jennifer deJong 

jdejong@vermontel. net 

Lisa Morgan 

lisamorgan @mindspring. com 

Larry O'Brien 

larryo @thinkingin.net 

Esther Schindler 

esther@bitranch. com 



Advertising Sales Representatives 
Southwest U.S. 

Julie Fountain 

+1-831-476-1 716 • jfountain@bzmedia.com 

Northeast/North Central U.S./Canada 

David Karp 

+1-516-922-5253 • dkarp@bzmedia.com 

Northwest U.S./Canada 

Paula F. Miller 

+1-925-831-3803 • pmiller@bzmedia.com 

Southeast U.S./Europe 

Jonathan Sawyer 

+ 1 - 603-924-4489 • jsawyer@bzmedia. com 



Director of Circulation & Manufacturing 

Rebecca Pappas 

+1-516-922-1818 • rpappas@hzmedia.com 

Circulation Assistant 

Phyllis Oakes 

+1-516-922-2287 • poakes@bzmedia.com 

Office Manager/Marketing 

Cathy Zimmermann 

+1-516-922-2101 xl08 • czimm(:rmaiui@bzmedia.com 

Customer Service/Subscriptions 

+1-866-254-0110 • service@bzmedia.com 



Bookkeeping Services 

Ken Hafner • Kiwi Partners Inc. 

khafner@kiwipartners.com 



Article Reprints 

Keith Williams • PARS International Corp. 

+1-212-221-9595x319 • fax +1-212-221-9195 

rcpiints@parsintl.com 



BZ Media 

BZ Media LLC 

2 East Main Street 

Oyster Bay, NY 11771 

+1-516-922-2101 *fax +1-516-922-1822 

www.bzmedia.com • info@bzmedia.com 

President 

Ted Bahr 
Executive Vice President 

Alan Zeichick 






» . - * - VMur* + 








DEVELOPMENT 
NCE & EXPO 



WEST ?003 



* 



SANTA CLARA CONVENTION CENTER 



ARCH Z A - 2 , Z 3 



■ • .*♦*! 




km 




1 \ M 


(BUILD 


L J 


I 



BETTER SDFTWARE 



POO 
00 



I 













JAVA, C+* r .NO, W*fa Sirvtcn, XML, Promts 5 r Minig^mimt. 






...» ■ 




ruriik 



rVfWpf i =: , 



^i-iTEr-L 1 



■ Up Ur UVEi 



ind mtwarXJng vnitU 



Jatn thwsnrrts. of ctevr- 
chosen SO as rJS*.- 3r; 



i&n. 






'■terT«Jr 



tdtxpo-com 




WbRLD 




lL VI 



%r" 







www.sdtimes.com 



Software Development Times . March 1, 2003 



COLUMNS 



31 



DESIGN WITH MOBILE PROBLEMS IN MIND 



Software will need to cater to 
mobile users during the next 3 to 5 
years. Those applications may range 
from those that run on turbocharged 
cell phones to handheld computers to 
traditional personal computers con- 
nected to the Internet or corporate 
networks via wireless Ethernet. 

Mobile development will become a 
factor in both commercial software and 
in-house apps. Anything that the user 
touches directly is likely to require 
significant adaptation due to the exi- 
gencies of intermittent network con- 
nectivity. Last time, our focus was on 
security. Now, let's examine some of 
the other issues. 

The biggest conceptual challenge is 
making the mind switch from the 
expectation of an established network 
connection to a model of asynchronous 
computing. By asynchronous, I mean a 
model that is not built on closely tied 
request-response mechanisms. The 
defining example of this is processing 
e-mail while offline. You can respond 
to all your e-mail while disconnected, 
queue up your replies, and send them 
off when you reconnect. 

The same model needs to bleed 
into the design of client-side software 
going forward. In fact, the same gener- 
al solution should be used: a set of per- 



manent queues that hold messages for 
upload at reconnect time. And like- 
wise, a set of queues to receive incom- 
ing messages. 

This seems like an obvious and con- 
ceptually straightforward modification, 
but like all programming shifts, it's not. 
Suppose, for example, a saleswoman 
wants to enter an order she's just 
received. How much can she do without 
being connected? Can she enter the 
entire order, roll it into the mes- 
sage queue, upload it at recon- 
nect, and expect an e-mail that 
confirms receipt of the order? 
Probably not. 

More likely, she can enter the 
order data, upload it later, and 
then have some interaction 
that requires connectivity. That 
interaction might typically finish — 
with a click of the "Submit" button. 

Simple, right? Suppose this click is 
performed on her Wi-Fi notebook, and 
due to slow performance of the Wireless 
Ethernet link, she receives no confirma- 
tion after 20 seconds. Won't she do the 
same thing everyone else would — hit the 
Submit button again? Sure. And you 
must be prepared to handle this prob- 
lem transparently to the user, and to the 
back-end applications. 

(The solution used by Web apps 
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won't work here. Web apps tell cus- 
tomers not to click Submit again or 
they'll be charged a second time. This 
crude way of foisting responsibility for 
software shortcomings onto the user is 
unlikely to play well with employees.) 

Messaging middleware is helpful 
here: The Submit button sends the OK 
to a queue. Until that OK is sent to the 
server's queue and an acknowledgment 
is received, all further OKs for the same 
transaction are deleted. 

The queue-management techniques 
you choose will be influenced by 
another problem: maintaining 
state. All applications today 
are filled with hundreds — if 
not thousands — of assumptions 
about what execution path pre- 
cedes or follows a given func- 
tion. Innumerable routines in a 
GUI front end, for example, 
rely on the fact that a user can- 
— not get to a particular point, 
save by going through a specific screen 
or set of dialogs. 

How then will such code handle the 
intermittently connected user? If the 
program does not save state — that is, if it 
does not keep track of the context in 
which the user is working, including his 
previous execution path — then intermit- 
tent connection will be functionally 
impossible. The statelessness of the Web 
is an excellent proof point of this: To 
compensate, URLs are twisted about to 



maintain state as the user segues from 
one page to the next. 

This tortured solution works margin- 
ally well only because users do not 
expect to be returned to the place they 
left off when they revisit a site. Howev- 
er, your users will expect such continu- 
ity. They won't expect to have to com- 
pletely retrace their steps every time 
their Wi-Fi hot spot cools down. 

Keeping state is an equally chal- 
lenging problem, given that developers 
have historically assumed state by 
virtue of locality of execution. (If I am 
in this function, it's because I previous- 
ly did this and this to get here.) Now, 
state has to be both maintained and 
checked at every juncture — which is 
far more than a simple refactoring of 
existing code. And in this endeavor, 
message-oriented middleware will be 
of very limited help. 

A collision is coming between occa- 
sionally connected computing and a 
codebase that is ill-equipped to handle 
it. As is ever the case, the latter will tem- 
porarily slow the progress of the former. 
But it is unlikely to halt it. The human 
factors involved in Wi-Fi make its appeal 
too compelling. Developers, therefore, 
need to consider the implementation of 
new applications in light of these future 
requirements. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works LLC. 
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RETOOLING FOR WSI 



In the mainstream press, the big news 
with Java is the never-ending legal 
struggle between Sun and Microsoft to 
get a real Java Virtual Machine back into 
Microsoft's desktop operating system. 
But I don't think that's the biggest news; 
rather, it's that Sun is attempting to play 
ball with non-Sun-run Web services 
efforts, such as making J2EE 1.4 compli- 
ant with the Web Services Interoperabil- 
ity Organization's Basic Profile specifica- 
tion, even as other WS-I players like IBM 
are saying that J2EE isn't good enough. 

Take IBM, which keeps adding pro- 
prietary features to its WebSphere app 
server. While Sun appears to be making 
a good faith effort to play by the rules, 
people like Danny Sabbah, IBM's vice 
president for application and integration 
middleware, and Scott Hebner, IBM's 
director of product management for 
WebSphere, are telling the world that 
the J2EE architecture is insufficient for 
service-oriented application servers. In 
short, J2EE isn't good enough. With 
friends like these, Sun must be thinking, 
who needs enemies? 

But I guess that's the point. As devel- 
opers and managers, we want to have a 
choice of tools, libraries and app servers 
that work smoothly with each other. But 
that's not what the major platform ven- 
dors want. No matter what groups they 



form and what kinds of cooperation they 
promise, they're never, ever friends. 

In the long run, open standards that 
enable smooth development and opera- 
tions are the best way for everyone to 
develop and, yes, make money. In the 
short run — and most software com- 
panies show little real ability to think 
much beyond the next quarter — it's all 
about one-upmanship and beat- 
ing the other guy to the next 
feature. It's all about market 
share now, and precious little 
about cooperating on tools and 
servers that will make their cus- 
tomers' lives easier. 

So, every time I think that 
maybe, just maybe, the IB Ms 
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including a decent JVM, Microsoft is 
hardly encouraging users to download 
the service pack containing the code. To 
quote from a letter that Microsoft sent to 
its partners: "One thing is very clear: 
Windows customers are not required to 
take any action as a result of the District 
Court's order, including downloading the 
updated versions of Windows XP SP1." 

Now what about J2EE 1.4? The 
WS-I compliance means that we won't 
see J2EE 1.4 until late summer, and Sun 
ONE Application Server and 
Sun ONE Studio won't support 
J2EE 1.4 until the end of the 
year, or later. 

In 2004, J2EE 1.4 will be the 
better for its WS-I compliance. 
If everyone else, like BEA and 
Microsoft, keeps the WS-I 
faith, 1.4 will not only make 



and Suns of the world are going ^^^^^^^^^ Java more WS-friendly, it will 



to bury the hatchet of immediate, short- 
term competition for long-term growth 
for all — and not into each other's back — 
it doesn't happen. 

Let's look closer. First, the Microsoft 
story isn't very big. Microsoft has just 
successfully delayed having to patch 
either its own cleaned-up JVM or Sun's 
J2SE runtime into Windows 2000 or 
Windows XP. The court battles contin- 
ue. Sometimes Sun will be on top, some- 
times Microsoft. In the end, no matter 
what the courts say, Microsoft wins. 

Why? Because even as it is forced into 



make creating WS -enabled applications 
that work across different J2EE appli- 
cation lines, or even J2EE and .NET 
lines, much easier. 

That is, if everyone doesn't follow 
IBM's lead and add additional layers of 
must-use code to their application 
servers. What IBM plans for WebSphere 
5 is to get it in line with other IBM soft- 
ware and network initiatives. Specifically, 
IBM wants WebSphere to incorporate 
autonomic (that is, self-healing) technolo- 
gies and grid computing. Armonk also 
will be adding workflow, business rules, 



and provision and audit capability fea- 
tures to WebSphere. 

If you're a true believer in IBM, this is 
good news. It means you can finally use all 
those self-healing and grid computing fea- 
tures without having to dig deep into the 
code. But, for everyone else, it means that 
once more the J2EE standard is being 
held up as not being good enough. 

As you probably can tell, I'm not real- 
ly a Sun fan. But Sun truly has loosened 
its death grip on Java, and we were get- 
ting to the point where you could decide 
between J2EE application servers based 
on performance without having to worry 
about locking yourself into a platform. 
But now IBM has cast fear, uncertainty 
and doubt on J2EE interoperability. 

In the short run, this probably will be 
good for IBM — WebSphere is one fine 
J2EE application server and develop- 
ment environment. 

But in the long run, it's not a good 
idea for IBM to belittle J2EE's abilities, 
just as Microsoft is finally getting .NET 
to the point where it's a serious choice 
for developers. And that, my friends, is 
the real Java news of early 2003. The 
Windows desktop is a lost cause, and 
with moves like this, the Java applica- 
tion-server market may be lost as well. I 

Steven }. Vaughan-Nichols is editor of 
Practical Technology (www.practical- 
tech.com) and has worked as a program- 
mer for NASA and the Dept. of Defense. 
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THE JXTA POSITION 



Project JXTA, a set of protocols put 
forth by Sun Microsystems Inc. to 
define peer-to-peer networking, is a 
month shy of its second birthday In that 
time, according to Sun, the community of 
developers registered on its www.jxta.org 
Web site has grown to 12,300 members, 
and there have been 960,000 downloads. 
Sun has submitted the JXTA specification 
to the IETF for potential standardization, 
and will soon announce it is 
bundling a JXTA runtime plat- 
form into its Linux desktops. 

Juan Carlos Soto, Suns JXTA 
evangelist, said there is a lot of 
work going on behind the scenes. 
Soto was at the recent Linux- 
World show in New York, 
demonstrating JXTA applications 
on handheld computers and cell 
phones as peers to a desktop. The pro- 
jects goal: Decentralize the network and 
have these devices be truly connected as 
peers, not merely as dumb clients. That 
will enable the creation of shared work- 
groups in which people can drag and drop 
documents and changes instead of send- 
ing e-mail and attachments. "We have an 
ambitious vision of the future of network- 
ing," Soto said, "where devices can discov- 
er, call and interact with each other." 

But almost two years into the project, 
there are only two commercially avail- 
able applications that have their founda- 
tion in the JXTA protocols — Internet 
Access Methods Inc.'s IAM- Developing 
collaborative development tool and 
InView Software s just-released Momen- 
tum, a shared information manager to 
help professional services people orga- 
nize and go over documents with clients. 

Both IAM s president and CTO Ger- 
ry Seidman and InView s founder and 
CEO Tom Brubaker embraced JXTA in 
April 2001. In fact, IAM already was 
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collaborative solution 
introduced, yet the 
company decided to base its product on 
JXTA simply to signal to customers the 
company was embracing what it saw as 
an emerging standard. 

InView, however, saw JXTA as the 
solution for which it had been looking. 
Conceived as an Internet graphics distri- 
bution company when Brubaker and 
CTO Art Whitten left Visio 
Corp., InView was grappling 
with an ASP model. "Customers 
didn't care for it," Brubaker stat- 
ed matter-of-factly. "We were 
waiting for JXTA to come along. 
People needed to store data 
locally, and the ASP model just 
didn't work." 

Momentum has evolved into a 
distributed desktop application, with 
instant messaging, document versioning 
and a local repository, and it does not 
require any specialized hardware to set 
up a collaboration session, Brubaker said. 
Yet Brubaker readily acknowledges it 
will take more than IAM -Developing 
and Momentum to give JXTA the indus- 
try momentum it needs to gain more 
widespread adoption. 

"Quite frankly, Sun needs more com- 
panies than InView creating applications" 
if JXTA is to grow, he said. "Sun needs to 
aggressively pursue commercial-grade 
application developers using it." 

Is Sun doing that? "I don't think they 
are," Brubaker said, "because they don't 
have the resources dedicated to it. It goes 
back to their whole software strategy, 
which is another whole can of worms." 

Part of the problem, as seems to be 
the case with every software initiative Sun 
undertakes, is that the company does an 
excellent job of working on the standards 
behind the scenes but does a terrible job 



of marketing the implementations. In this 
case, with a project as relatively new as 
JXTA, Sun has to take the lead for the 
smaller companies building on the proto- 
cols, pushing for its adoption. It clearly 
has come up short in that effort. 

There is another, more deep-seated 
problem: Project JXTA, which is designed 
to decentralize networks, is diametrically 
opposed to what Sun wants to do as a 
hardware vendor, which is to sell server 
boxes that create hard-wired networks. 

Soto admits that adoption of JXTA by 
third-party vendors has happened more 
slowly than he would have liked to have 
seen occur. However, he does not think 
this is because of a lack of effort on Sun's 
part; rather, he said it's due to factors 
beyond Sun's control. 

The top factor slowing adoption, as it 
seems to be throughout the industry, is the 
economy. When budgets are lean, people 
pull back and focus on what they know, 
and they do not take risks trying to build 
on innovative technologies such as JXTA. 

The second factor is one Soto called 
"the Napster effect." People hear peer- 
to-peer, Soto admitted, and they imme- 
diately think of music stealing, of theft of 
services. They think peer-to-peer tech- 
nology is a lightning rod for legal entan- 
glements. "The value of Napster is what 
it enabled," he said. "Anybody in the 
world could get it. Letting the average 
Joe make available his resources is com- 
pelling. It should be for any service, not 
just music. . .a StarOffice presentation, or 
a Word document or CPU cycles. That's 
what peer-to-peer enables." 

Unfortunately, without a stronger push 
from Sun, JXTA's lofty benefits will be slow 
to be realized in a business environment 
looking for better ways to network remote 
devices and to get its people to work in a 
truly peer-to-peer collaborative way. I 

David Rubinstein is executive editor of 
SD Times. 
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The promise of wireless networking has been with us for a long time, but 
issues of compatibility, reliability, capacity and security have conspired to 
keep it from reaching critical mass. However, according to a report from 
Kinetic Information LLC, recent symbiotic advances in connectivity and com- 
munications have enabled the technology to gain practical traction as an en- 
terprise interoperability (EIO) and accessibility tool, and thus to be viewed 
as a credible means for wringing more value from existing IT infrastructures. 

For enterprise solution providers, the benefits of wireless will extend cus- 
tomers' enterprise infrastructures to embrace, literally, the world; increase 
the accessibility and utilization of business apps; and enable usability via 
multiple access devices such as cell phones, handheld devices and tablet 
computers. 

While the enterprise opportunities for wireless are much smaller than 
in the consumer market, Kinetic projects that lingering concerns about 
compatibility, reliability, capacity and security are being successfully 
addressed, and that wireless is ready to play a significant role in the 
enterprise infrastructure. 
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BEA Systems Inc. last month said it has acquired 
authorization infrastructure provider CrossLogix 
Inc. The terms of the deal were not disclosed. The 
acquisition will allow developers writing to the BEA 
WebLogic Enterprise Platform to build greater secu- 
rity into applications and processes ... As expect- 
ed, shares of Dice Inc. stock are now trading on the 
0TC Bulletin Board under the symbol "DICE" after 
the company was delisted from the Nasdaq Stock 
Market. Dice failed to meet conditions laid out by 
the Nasdaq board; the company plans a restructur- 
ing and intends to be privately held by midyear 
... Sun Microsystems Inc. reported second-quar- 
ter revenues of US$2,915 billion, a decline of 6 per- 
cent from year-ago totals, but an increase of 
6 percent from the first quarter of 2003. However, 
net loss in the quarter increased $2,172 billion from 
the $111 million loss posted in the first quarter 
. . . Earnings and net income declined in the second 
quarter from last year's results at Rational Soft- 
ware Corp. The company reported pro-forma net 
income and earnings of US$11.1 million and 6 cents 
per share, respectively, compared with $13.1 million 
and 7 cents per share a year ago. Revenue for the 
quarter was $161.9 million, down from $170.2 million 
a year ago, a decline of 5 percent. I 
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BEA eWorld 2003 March 2-5 

Orlando, Fla. 
BEA SYSTEMS INC. 
www.bea.com/events/eworld/2003 

XML Web Services One March 3-6 

Santa Clara 

101 COMMUNICATIONS LLC 

www.xmlconference.com/santaclara 

Application March 4-7 

Development & Integration 

Orlando, Fla. 

GIGA INFORMATION GROUP 

http://appdevus.gigaweb.com 

Software Test March 10-13 

Automation Conference & Expo 

San Francisco 

SOFTWARE QUALITY ENGINEERING 

www.sge.com/testautomation 

Integration March 17-18 

Technologies Forum 

Santa Clara 

THE YANKEE GROUP 

www.yankeegroup.com/public/events 

/conferences/ITF2003 

CTIA Wireless March 17-19 

New Orleans 

CELLULAR TELECOMMUNICATIONS 

& INTERNET ASSOCIATION 

www.wow-com.com/events 

Web Services Edge March 18-20 

Boston 

SYS-C0N MEDIA INC. 

www.sys-con.com/webservicesedge2003east 

Mobility March 18-21 

Developer Conference 

New Orleans 
MICROSOFT CORP. 

www.wireless2003.com/education 
/microsoftjnobility.cfm 

For a more complete calendar of U.S. software devel- 
opment events, see www.bzmedia.com/calendar. 

Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Rational XDE Profession at Java Edition Is: 



UML modeling for Java 

model ** code synchronization 

automated design documentation 

custom tzablc design patterns 



data modeling 



and runs rnsidc WebSphere" Studio 




In oilier words, 
your IDE on steroids. 



Lsmms guess Yours minking this is jusl ona more loot ihaLa actually- going la gal in your way. Hardly Rasionar XDE" 
Pnolesslonal blends right inio your dewetopmeni experience. Hw? It runs inside IflW 1 WebSphefe* Studio Application 
Dev&fct^r, or elands alone ^m Us own Ed^ee-bassd Java' htagtaled D&tfaloprTwm Environment. II supp&rts J3EE and 
J2SE- And FalWil XDE support sbo includes membership 1q the flalton^l Developpf Network, 1 " & H^fpiul online community 
that provid&i fflusatiso asso-s, Wab-fcasod trairtmcj and discussion forums. V/& ligura if sofnaona &§&c has already solved 
a probaem, why should you nave io do il again? To creue a better tffcveiafjrnenE wpenence wrthout creeling new pnototems 
tor -yourself, gel RalionaJ KDE staring at only $1 P 595. Or go lo www„raNoflai.oimto((&r/jav-acd1Z to gni a Irw Rational XDE 
Professional Evalualion CD so you con see it and try il oul lor yourself. 
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